General Source code up - Stock ROM up - Time to find root


Alpha_Radke

Member
Jun 26, 2021
28
19
We got Nokia 5.4 source code and firmware up. I have been looking deep into the source code for any tricks before building it.
However we have boot.img now and I think we should get magisk support here.

As expected we have these results:
Code:
cp: can't preserve ownership of 'busybox': Operation not permitted
cp: can't preserve ownership of 'magisk32': Operation not permitted
cp: can't preserve ownership of 'magisk64': Operation not permitted
cp: can't preserve ownership of 'magiskboot': Operation not permitted
cp: can't preserve ownership of 'magiskinit': Operation not permitted
 

Attachments

  • magisk_install_log_2021-06-27T183121Z.log
    3.6 KB · Views: 82

Alpha_Radke

Member
Jun 26, 2021
28
19
Found a way into adb sideloading!! which is good since this device almost has no recovery mode after last OTA. Time to sue HMD ?
 

Alpha_Radke

Member
Jun 26, 2021
28
19
All we need now is a way to change active slot from B to A

Or nvm I think I found a way to bypass downgrading permission. Will update soon
 

Alpha_Radke

Member
Jun 26, 2021
28
19
Currently stuck with Incremental OTA payload.bin

Need to extract it so I can edit things like dm verity, vbmeta, boot.img

This will probably be the end of the trick for the device. At least manually, for root access and further unlock chances
 
Jan 15, 2019
15
3
I know this probably still is WIP but if I may ask, how did you flash the payload.bin file? And for adb sideload you can do
Code:
adb reboot sideload
then the device will reboot into sideload mode. After that you can just do
Code:
adb sideload <Path to file.zip>
and the ota will be flashed.
 

Alpha_Radke

Member
Jun 26, 2021
28
19
Already done. But we don't have downgrade permissions and we only have older OTA updates so it won't let me flash. I will have to build an official OTA rooted, with disabled verification, and fake version update to bypass.. probably everything.
 

Alpha_Radke

Member
Jun 26, 2021
28
19
And you can't flash payload.bin? I have been gathering as much information and experimenting a little since this is my very first time in the Android development community. And everything seems ready now and should work as intended cuz no place for theories here. First we had the whole source code and OTA. Now we have root access and verification methods. Development starts tomorrow. I will be slow cuz I'm still learning and I'm a lazy college student
 
Can you help me root nokia 5.4?
 

jeunfue

New member
Oct 23, 2021
1
0
@Alpha_Radke I am not an expert on these things except I have a nokia 5.4 + linux knowledge and am willing to test things.

Edit: I see in your other post you uploaded a full ota.zip (1.7gb), however I don't see how this could work with sideload (e.g. if you replace boot.img with a magisk patched version) as the cert inside would need to match the cert on /system/etc/security/otacerts.zip on the device afaik? https://boundarydevices.com/android-security-part-2-ota-updates/ explains that usually the ota signature is verified twice (once during OS being booted, then again inside recovery). I think we will need some signature bypass in sideload mode.

The pubkey inside your payload.bin from the other post is here, if we want to use sideload I think we need the private key corresponding to this (which is protected by HMD on their build servers), so it seems options are:

- leak/compromise hmd to steal the ota private key
- find signature bypass inside sideload (if this sideload is coded by HMD there is honestly a good chance)
- ignore sideload situation and try something else

The payload.bin you posted is a differential OTA, the boot.img inside (and actually all the files) is a bsdiff2 file (it's only 241 bytes). I extracted using https://github.com/vm03/payload_dumper and just modified it to not sys.exit on SOURCE_COPY. I think if you want to extract boot.img for magisk patching we would either need all OTA parts or a full OTA payload.


Files inside payload.bin:

Code:
$ for i in $(ls output); do echo -n $i,; xxd output/$i |grep BSDF; done
abl.img,00001000: 4253 4446 3202 0202 2700 0000 0000 0000  BSDF2...'.......
bluetooth.img,0000b000: 4253 4446 3202 0202 1b00 0000 0000 0000  BSDF2...........
boot.img,00000000: 4253 4446 3202 0202 1800 0000 0000 0000  BSDF2...........
devcfg.img,00001000: 4253 4446 3202 0202 7900 0000 0000 0000  BSDF2...y.......
dsp.img,featenabler.img,00002000: 4253 4446 3202 0202 6400 0000 0000 0000  BSDF2...d.......
hyp.img,00001000: 4253 4446 3202 0202 1800 0000 0000 0000  BSDF2...........
imagefv.img,00001000: 4253 4446 3202 0202 1800 0000 0000 0000  BSDF2...........
keymaster.img,00001000: 4253 4446 3202 0202 bb00 0000 0000 0000  BSDF2...........
modem.img,0000f000: 4253 4446 3202 0202 d6c8 0100 0000 0000  BSDF2...........
qupfw.img,00002000: 4253 4446 3202 0202 4e00 0000 0000 0000  BSDF2...N.......
rpm.img,00001000: 4253 4446 3202 0202 8000 0000 0000 0000  BSDF2...........
tz.img,00002000: 4253 4446 3202 0202 2f00 0000 0000 0000  BSDF2.../.......
uefisecapp.img,00001000: 4253 4446 3202 0202 8501 0000 0000 0000  BSDF2...........
vbmeta.img,00000000: 4253 4446 3202 0202 1900 0000 0000 0000  BSDF2...........
xbl_config.img,00001000: 4253 4446 3202 0202 4900 0000 0000 0000  BSDF2...I.......
xbl.img,00001000: 4253 4446 3202 0202 8200 0000 0000 0000  BSDF2...........


Another thing to note is that if you boot the Nokia 5.4 into sideload mode, after 5 minutes it will time out and drop you into Android Recovery mode, sadly it looks quite limited with only reboot, enter fastboot or poweroff. When I went to fastboot mode it is not reachable via fastboot command from SDK, so I assume either a proprietary driver is needed (like odin) or something else
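The check done with xxd in the post above, as an added example that is not part of the original post: it classifies a file extracted from payload.bin as a real image or a BSDF2 patch fragment and decodes the patch header. The 32-byte header layout and the compressor ids are assumptions taken from the bsdiff BSDF2 format, and every sample byte past the 16 shown in the hexdump is constructed.

```python
BSDF2_MAGIC = b"BSDF2"
# Assumed bsdiff compressor ids for the ctrl/diff/extra streams.
COMPRESSORS = {0: "none", 1: "bz2", 2: "brotli"}


def offtin(buf):
    """Decode bsdiff's 8-byte sign-magnitude little-endian integer."""
    value = int.from_bytes(buf, "little")
    magnitude = value & ((1 << 63) - 1)
    return -magnitude if value >> 63 else magnitude


def classify(blob):
    """Say what an extracted partition file really contains."""
    if blob.startswith(b"ANDROID!"):      # Android boot image magic
        return {"kind": "boot-image"}
    if blob.startswith(b"AVB0"):          # AVB vbmeta image magic
        return {"kind": "vbmeta-image"}
    pos = blob.find(BSDF2_MAGIC)
    if pos < 0 or len(blob) < pos + 32:
        return {"kind": "unknown"}
    hdr = blob[pos:pos + 32]
    return {
        "kind": "bsdiff-patch",           # needs the source image to apply
        "offset": pos,
        "compressors": [COMPRESSORS.get(b, "?") for b in hdr[5:8]],
        "ctrl_len": offtin(hdr[8:16]),
        "diff_len": offtin(hdr[16:24]),
        "new_size": offtin(hdr[24:32]),
    }


# First 16 bytes copied from the boot.img and abl.img lines of the hexdump;
# the remaining header fields and padding are constructed.
BOOT_SAMPLE = (bytes.fromhex("4253444632020202 1800000000000000")
               + (0).to_bytes(8, "little")
               + (96 * 1024 * 1024).to_bytes(8, "little"))
ABL_SAMPLE = (b"\x00" * 0x1000
              + bytes.fromhex("4253444632020202 2700000000000000")
              + b"\x00" * 16)

if __name__ == "__main__":
    for name, blob in (("boot.img", BOOT_SAMPLE), ("abl.img", ABL_SAMPLE)):
        print(name, classify(blob))
```

A result of `bsdiff-patch` means the file cannot be handed to Magisk for patching as-is, which matches the conclusion in the post that a full OTA payload or all OTA parts are needed.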
 

AlmHtng

New member
Feb 2, 2022
2
0
Interested to know if there's been any progress into this phone as well. Anyone still trying this?
 
