
[Tool] Signing tool for pre 3.2.4 booloaders


vortox

Senior Member
Jan 20, 2012
50
132
I am proud to present you my image signing tool called Cuber.
The name is an abbreviation of Cube Root finder. This is basically what the tool does.

About

This is a tool that checks and signs recovery/boot images for Little Kernel bootloaders missing the patch for CVE-2014-0973.

Who is vulnerable?

Kindle Fire HDX tablets with firmware versions older than 3.2.4. On 3.2.4 it is NOT working.
Probably many devices using pre 13 June 2014 Little Kernel bootloaders. (no guarantees)

Requirements on an Ubuntu system:

Code:
gcc
libmpc-dev
libmpfr-dev
libgmp3-dev
libssl-dev
python
python-pip

Also the following python package is required:
Code:
gmpy2
install it using pip:
Code:
sudo pip install gmpy2

Installation

Download the source code from https://github.com/Verteo/Cuber to your desired folder, go to the folder and run make.

Usage

Code:
./cuber -check path/to/image.img
checks if the image would pass the signature verification

Code:
./cuber -sign path/to/input/image.img path/to/output/image.img
creates a signature for the given image and creates a new signed image at the specified location

The files prodcert.pem and signature.py are required for the application to work.

Why python?

It is easier to handle bignums in Python than in C++.

The exploit

https://www.codeaurora.org/projects...tion-leads-to-signature-forgery-cve-2014-0973
The bootloader is not properly checking the number of bytes decrypted from the signature. This allows us to insert garbage bytes and create a forged signature.
A decrypted (cubed) PKCS#1 v1.5 padded signature starts with 00 01 PS 00.
PS is the padding string and consists of at least 8 FF bytes.
After the start of the signature comes the 32-byte SHA256 image hash.
So the decrypted signature should look something like this:
Code:
00 01 FF FF FF FF FF FF FF FF 00 xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..

Where xx is the hash and .. are the garbage bytes.
The garbage bytes can have arbitrary values. We use them to create a perfect cube root.

Example

Hash of example image:

Code:
A9 07 1C A3 31 43 16 F7 2E 9A FF B3 31 46 A6 EC 60 6E DE 42 45 9E 4C 9B 6B 5F B0 E1 97 1C 33 85

Desired cubed signature:

Code:
00 01 FF FF FF FF FF FF FF FF 00 A9 07 1C A3 31 
43 16 F7 2E 9A FF B3 31 46 A6 EC 60 6E DE 42 45
9E 4C 9B 6B 5F B0 E1 97 1C 33 85 .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..

Generated signature:

Code:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 32 CB FD 4A 7A
DC 79 05 58 41 75 78 07 60 1D 4F D5 09 9A 22 ED
4A F3 B3 46 62 94 03 A0 78 BF AE E1 FF 07 49 B4
98 C9 C7 F6 96 A1 66 E1 3A D0 8A 97 9D 82 4D 64
08 4E 91 B1 D3 F8 EB 97 81 57 92 97 D3 F2 E5 D5
6F A4 6C DC 91 79 11 A4 9F 23 83 4E A4 84 20 C0

Generated signature cubed:

Code:
00 01 FF FF FF FF FF FF FF FF 00 A9 07 1C A3 31 
43 16 F7 2E 9A FF B3 31 46 A6 EC 60 6E DE 42 45
9E 4C 9B 6B 5F B0 E1 97 1C 33 85 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 8D C2 E5 F5 65 19 0A BA 69 BA
14 29 BE 83 F4 2E 61 04 3E 1E 59 79 3C C6 D6 D8
D0 59 D1 46 E4 D4 86 B8 D4 A0 C1 2F 3A 4C 72 F7
F4 14 E7 CF CE 3F 5D A3 53 25 D6 7B 7B 83 AF 66
B8 42 A7 06 79 7C 31 69 51 43 F6 83 B2 29 65 81
F5 B0 9D 93 77 6B BA 83 52 C0 F0 68 93 AF 65 9E
19 F2 EC 9D 9A 76 90 30 15 5F F5 B5 88 EB 89 FE
CB DC 3A 4E D7 71 32 E3 10 FF 39 C0 C0 73 47 71
A2 C4 07 7A 3C E2 F7 96 68 A3 C8 35 40 33 02 A5
AA 4E CB BB AC 56 DB 98 F2 50 76 BD A7 82 6E C3
AC 34 F4 E9 E7 87 99 43 B4 6E 94 67 F6 6C 00 00

As you may notice, this is a valid signature.
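As an added example (my own code, not Cuber's and not the LK source), here is the bootloader's check written twice: once with the defect described above, which stops reading after the hash, and once with the full-block comparison that closes it, both run against the forged signature and image hash quoted in this example. The block layout (00 01, FF padding, 00, raw SHA-256) follows this post, and the certificate modulus is not needed because the cube stays below 2^2048.

```python
import hmac

# Values copied from the example above. The forged signature's 171 leading
# zero bytes are left out; they do not change the integer it encodes.
FORGED_SIG = bytes.fromhex("".join("""
    32 CB FD 4A 7A
    DC 79 05 58 41 75 78 07 60 1D 4F D5 09 9A 22 ED
    4A F3 B3 46 62 94 03 A0 78 BF AE E1 FF 07 49 B4
    98 C9 C7 F6 96 A1 66 E1 3A D0 8A 97 9D 82 4D 64
    08 4E 91 B1 D3 F8 EB 97 81 57 92 97 D3 F2 E5 D5
    6F A4 6C DC 91 79 11 A4 9F 23 83 4E A4 84 20 C0
""".split()))
IMAGE_HASH = bytes.fromhex(
    "A9071CA3314316F72E9AFFB33146A6EC606EDE42459E4C9B6B5FB0E1971C3385")

E = 3           # public exponent of the signing key
K = 256         # modulus length in bytes (2048-bit RSA)
HASH_LEN = 32   # SHA-256
MIN_PS = 8      # PKCS#1 v1.5 requires at least eight FF padding bytes


def encoded_message(sig: bytes, k: int = K) -> bytes:
    """Return sig^3 as a k-byte big-endian string: the 'cubed signature'
    that the bootloader compares against the padded image hash."""
    s = int.from_bytes(sig, "big")
    # The forged cube is below 2^2048, so s**3 equals pow(s, 3, n) for any
    # 2048-bit modulus n. The real certificate modulus is not needed here.
    return pow(s, E).to_bytes(k, "big")


def vulnerable_verify(em: bytes, digest: bytes) -> bool:
    """Check modelled on the defect described above: skip the padding,
    compare the hash bytes, and never look at how many bytes follow."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < MIN_PS or i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    return em[i:i + HASH_LEN] == digest  # whatever comes after is ignored


def well_formed_message(digest: bytes, k: int = K) -> bytes:
    """The only encoding a genuine signature may produce for this layout:
    00 01, FF bytes filling the whole block, 00, then the raw hash."""
    return b"\x00\x01" + b"\xff" * (k - 3 - len(digest)) + b"\x00" + digest


def fixed_verify(em: bytes, digest: bytes) -> bool:
    """Corrected check: rebuild the complete expected block and compare all
    k bytes in constant time, leaving no room for attacker-chosen filler."""
    if len(em) != K or len(digest) != HASH_LEN:
        return False
    return hmac.compare_digest(em, well_formed_message(digest, len(em)))


def trailing_bytes(em: bytes) -> bytes:
    """Bytes after the hash, given the minimal 8-byte padding string the
    forgery uses; the vulnerable check never examines them."""
    return em[2 + MIN_PS + 1 + HASH_LEN:]


if __name__ == "__main__":
    em = encoded_message(FORGED_SIG)
    print("cubed signature  :", em[:2 + MIN_PS + 1 + HASH_LEN].hex())
    print("ignored bytes    :", len(trailing_bytes(em)))           # 213
    print("vulnerable check :", vulnerable_verify(em, IMAGE_HASH))  # True
    print("fixed check      :", fixed_verify(em, IMAGE_HASH))       # False
```

The 213 unchecked bytes are exactly the room the cube-root search uses; once the whole block is compared, a forged value would have to equal the full FF-padded encoding, which e=3 alone does not let an attacker reach.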

Disclaimer

I'm not an expert at cryptography, my statements may be false or incomplete.
 

EncryptedCurse

Senior Member
Jul 9, 2014
650
300
I'm not sure if this is an isolated problem, but I'm getting errors when I try to compile:
Code:
[email protected]:/Cuber-master# make
g++ -Iinclude Cuber.cpp -o Cuber -lcrypto
In file included from Cuber.h:7:0,
                 from Cuber.cpp:1:
bootimg.h:108:5: error: ‘uint32_t’ does not name a type
     uint32_t insn;
     ^
bootimg.h:109:5: error: ‘uint32_t’ does not name a type
     uint32_t res1;
     ^
bootimg.h:110:5: error: ‘uint64_t’ does not name a type
     uint64_t text_offset;
     ^
bootimg.h:111:5: error: ‘uint64_t’ does not name a type
     uint64_t res2;
     ^
bootimg.h:112:5: error: ‘uint64_t’ does not name a type
     uint64_t res3;
     ^
bootimg.h:113:5: error: ‘uint64_t’ does not name a type
     uint64_t res4;
     ^
bootimg.h:114:5: error: ‘uint64_t’ does not name a type
     uint64_t res5;
     ^
bootimg.h:115:5: error: ‘uint64_t’ does not name a type
     uint64_t res6;
     ^
bootimg.h:116:5: error: ‘uint32_t’ does not name a type
     uint32_t magic_64;
     ^
bootimg.h:117:5: error: ‘uint32_t’ does not name a type
     uint32_t res7;
     ^
Cuber.cpp: In function ‘int main(int, char**)’:
Cuber.cpp:18:30: error: ‘strcmp’ was not declared in this scope
  if (strcmp(argv[1], "-check") == 0 && argc == 3){
                              ^
Cuber.cpp:22:29: error: ‘strcmp’ was not declared in this scope
  if (strcmp(argv[1], "-sign") == 0 && argc == 4) {
                             ^
Cuber.cpp: In function ‘int check_image(char*)’:
Cuber.cpp:77:41: error: ‘memcpy’ was not declared in this scope
  memcpy(hdr, image, sizeof(boot_img_hdr));
                                         ^
Cuber.cpp:83:45: error: ‘memcmp’ was not declared in this scope
  if (memcmp((char*)hdr->magic, "ANDROID!", 8) != 0){
                                             ^
Cuber.cpp: In function ‘int sign_image(char*, char*)’:
Cuber.cpp:168:45: error: ‘memcmp’ was not declared in this scope
  if (memcmp((char*)hdr->magic, "ANDROID!", 8) != 0){
                                             ^
Cuber.cpp:235:37: error: ‘memset’ was not declared in this scope
  memset(signature, 0, SIGNATURE_SIZE);
                                     ^
Cuber.cpp:249:62: error: ‘memcpy’ was not declared in this scope
    memcpy(image + imagesize_actual, signature, SIGNATURE_SIZE);
                                                              ^
Cuber.cpp: In function ‘int verify_image(unsigned char*, unsigned char*, unsigned int)’:
Cuber.cpp:359:42: error: ‘memcmp’ was not declared in this scope
  if (memcmp(plain_text, digest, hash_size) != 0) {
                                          ^
Cuber.cpp: In function ‘int create_signature(unsigned char*, unsigned char*)’:
Cuber.cpp:450:48: error: ‘memcpy’ was not declared in this scope
  memcpy(outputbuffer + offset, buffer, filesize);
                                                ^
Makefile:2: recipe for target 'all' failed
make: *** [all] Error 1
 

Reckerr

Senior Member
Feb 26, 2012
76
9
Not sure if I should post here, but can I say genius.... The people who develop here are extremely talented in what they do. To be on point: that is amazing work you have put together. Roots and cubing... my gosh...
 

dray

Senior Member
Apr 13, 2008
394
39
What are the chances this works on Amazon's Fire phone? I just picked one up dirt cheap and I would love to flash CM on it.
 

r3pwn

Inactive Recognized Developer
Jul 11, 2012
1,745
2,046
Lakeland, FL
r3pwn.com

vortox

Senior Member
Jan 20, 2012
50
132
Quote:
What are the chances this works on Amazon's Fire phone? I just picked one up dirt cheap and I would love to flash CM on it.

Maybe an unsigned Fire phone boot image might be signed with this?

Sent from my GT-i9100 running CM11

Yes, you can sign an image. You just need a vulnerable bootloader. The exploit was publicly fixed on 13 June and the first patched bootloader for the HDX tablets (3.2.4) was compiled on 20 June.
 

cerveca

Member
Jul 22, 2014
26
9
I guess nobody has tested this yet, since vortox created this specifically for our devices. It may work for other devices as well, but it can only be developed by people who have those other devices.
 

moonbutt74

Guest
It should work with other chipsets, as long as they use Qualcomm's Little Kernel bootloader.

V,

According to the article's affected projects/products:
Affected Projects: Android for MSM, Firefox OS for MSM, QRD Android

I will be trying this out for a locked device [msm] that I do not own, but I have an unlocked equivalent.
That being said, I have a few questions.

Can I just "port" the signature from another image via hex? If so/not, the "magic" from the OP should be similar/uniform
across devices? If no, would you know a good rule of thumb for finding the signature?

Though I would be testing on an unlocked device, if in last_kmsg the signature check comes through as valid,
can I assume the approach will succeed for the locked device?

I have a lot more questions but don't want to take up your time. Thanks.

m

Okay, a few more questions. The device I'm working on is 32-bit;
in bootimg.h does this need to be modified?
Code:
#define KERNEL64_HDR_MAGIC 0x644D5241 /* ARM64 */

struct kernel64_hdr
{
    uint32_t insn;
    uint32_t res1;
    uint64_t text_offset;
    uint64_t res2;
    uint64_t res3;
    uint64_t res4;
    uint64_t res5;
    uint64_t res6;
    uint32_t magic_64;
    uint32_t res7;
};

#endif

And how/where do I find that info? Also, how do I obtain prodcert.pem for this device, or any device really?
In breaking down the recovery.img I find publiccert.pem.

Right now, either way I slice it, I get an invalid signature on a check of the stock recovery.img.

Thanks.

m

Also in signature.py, how do I adjust for a Samsung device, and again, where/how do I acquire that data?

Code:
def createsig():
    # modulus of the amazon certificate
    modulus = 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
    # PKCS#1 v1.5 fixed prefix
    prefix = 0x0001FFFFFFFFFFFFFFFF000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    #load the hash from created file
    f = open("hash.abc", "rb")
    block = f.read(32)
    hash = struct.unpack('>4Q', block)
    hash0 = int(hash[0])<<192
    hash1 = int(hash[1])<<128
    hash2 = int(hash[2])<<64
    hash3 = int(hash[3])
    hash5 = hash0 + hash1 + hash2 + hash3
    # get hash to right position
    hash = hash5 << 1704

    #create forged prefix
    prefix = forge_prefix(prefix+hash, 86*8, modulus)

    # write signature to file
    pref = int(prefix)
    file = open("signature.abc","wb")
    file.write(long_to_bytes(pref, "big"))

createsig()
 

vortox

Senior Member
Jan 20, 2012
50
132
Quote:
V,

According to the article's affected projects/products:
Affected Projects: Android for MSM, Firefox OS for MSM, QRD Android

I will be trying this out for a locked device [msm] that I do not own, but I have an unlocked equivalent.
That being said, I have a few questions.

I will try my best to answer them.

Quote:
Can I just "port" the signature from another image via hex? If so/not, the "magic" from the OP should be similar/uniform
across devices? If no, would you know a good rule of thumb for finding the signature?

This doesn't work, as the signature contains the encrypted hash of the image, which is then encrypted and compared to the calculated hash of the image. Copying the signature will result in a signature mismatch and therefore an invalid image.

Quote:
Though I would be testing on an unlocked device, if in last_kmsg the signature check comes through as valid,
can I assume the approach will succeed for the locked device?

I'm not sure about that approach. On the HDX and in LK reference code the signature shouldn't be checked if the device is unlocked.

Quote:
Okay, a few more questions. The device I'm working on is 32-bit;
in bootimg.h does this need to be modified?
Code:
#define KERNEL64_HDR_MAGIC 0x644D5241 /* ARM64 */

struct kernel64_hdr
{
    uint32_t insn;
    uint32_t res1;
    uint64_t text_offset;
    uint64_t res2;
    uint64_t res3;
    uint64_t res4;
    uint64_t res5;
    uint64_t res6;
    uint32_t magic_64;
    uint32_t res7;
};

#endif

The HDX is 32-bit, too. My application is written for 32-bit images. (I should add that to the description.)

Quote:
And how/where do I find that info? Also, how do I obtain prodcert.pem for this device, or any device really?
In breaking down the recovery.img I find publiccert.pem.

The prodcert.pem shouldn't matter in an exploitable implementation. It's just there because my code is almost a 1:1 copy of the LK code, which requires a certificate.

Quote:
Right now, either way I slice it, I get an invalid signature on a check of the stock recovery.img.

Could you send me the image?

Quote:
Also in signature.py, how do I adjust for a Samsung device, and again, where/how do I acquire that data?

Code:
def createsig():
    # modulus of the amazon certificate
    modulus = 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
    # PKCS#1 v1.5 fixed prefix
    prefix = 0x0001FFFFFFFFFFFFFFFF000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    #load the hash from created file
    f = open("hash.abc", "rb")
    block = f.read(32)
    hash = struct.unpack('>4Q', block)
    hash0 = int(hash[0])<<192
    hash1 = int(hash[1])<<128
    hash2 = int(hash[2])<<64
    hash3 = int(hash[3])
    hash5 = hash0 + hash1 + hash2 + hash3
    # get hash to right position
    hash = hash5 << 1704

    #create forged prefix
    prefix = forge_prefix(prefix+hash, 86*8, modulus)

    # write signature to file
    pref = int(prefix)
    file = open("signature.abc","wb")
    file.write(long_to_bytes(pref, "big"))

createsig()

The only thing you may have to change would be the modulus, but you shouldn't have to do that. The prefix is static and doesn't need to change, and the hash of the image is passed using a file created by the application.

You said you are using a Samsung device and as far as I know Samsung likes to create their own implementation of something. Without an analysis of the bootloader I'm not able to say if they are using a LK bootloader or if it is exploitable.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 27
    I am proud to present you my image signing tool called Cuber.
    The name is an abbreviation of Cube Root finder. This is basically what the tool does.

    About

    This is a tool that checks and signs recovery/boot images for Little Kernel bootloaders missing the patch for for CVE-2014-0973.

    Who is vulnurable?

    Kindle Fire HDX tablets with firmware versions older than 3.2.4. On 3.2.4 it is NOT working.
    Probably many devices using pre 13 June 2014 Little Kernel bootloaders. (no guarantees)

    Requirements on an Ubuntu system:

    Code:
    gcc
    libmpc-dev
    libmpfr-dev
    libgmp3-dev
    libssl-dev
    python
    python-pip

    Also the following python package is required:
    Code:
    gmpy2
    install it using pip:
    Code:
    sudo pip install gmpy2

    Installation

    Download the source code from https://github.com/Verteo/Cuber to your desired folder, go to the folder and run make.

    Usage

    Code:
    ./cuber -check path/to/image.img
    checks if the image would pass the signature verification

    Code:
    ./cuber -sign path/to/input/image.img path/to/output/image.img
    creates a signature for the given image and creates a new signed at the specified location

    The files prodcert.pem and signature.py are required by the application to work

    Why python?

    It is easier to handle bignums in python than in c++.

    The exploit

    https://www.codeaurora.org/projects...tion-leads-to-signature-forgery-cve-2014-0973
    The bootloader is not properly checking the number of bytes decrypted from the signature. This allows us insert to garbage bytes and create a forged signature.
    A decrypted (cubed) PKCS#1 v1.5 padded signature starts with 00 01 PS 00.
    PS is the padding string and consists at least of 8 FF bytes
    After the start of the signature comes the 32 byte long SHA256 image hash.
    So the decrypted signature should look something like this:
    Code:
    00 01 FF FF FF FF FF FF FF FF 00 xx xx xx xx xx
    xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
    xx xx xx xx xx xx xx xx xx xx xx .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..

    Where xx is the hash and the .. are the garbage bytes.
    The garbage byte can have an arbitrary value. We use them to create a perfect cube root.

    Example

    Hash of example image:

    Code:
    A9 07 1C A3 31 43 16 F7 2E 9A FF B3 31 46 A6 EC 60 6E DE 42 45 9E 4C 9B 6B 5F B0 E1 97 1C 33 85

    Desired cubed signature:

    Code:
    00 01 FF FF FF FF FF FF FF FF 00 A9 07 1C A3 31 
    43 16 F7 2E 9A FF B3 31 46 A6 EC 60 6E DE 42 45
    9E 4C 9B 6B 5F B0 E1 97 1C 33 85 .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..

    Generated signature:

    Code:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 32 CB FD 4A 7A
    DC 79 05 58 41 75 78 07 60 1D 4F D5 09 9A 22 ED
    4A F3 B3 46 62 94 03 A0 78 BF AE E1 FF 07 49 B4
    98 C9 C7 F6 96 A1 66 E1 3A D0 8A 97 9D 82 4D 64
    08 4E 91 B1 D3 F8 EB 97 81 57 92 97 D3 F2 E5 D5
    6F A4 6C DC 91 79 11 A4 9F 23 83 4E A4 84 20 C0

    Generated signature cubed:

    Code:
    00 01 FF FF FF FF FF FF FF FF 00 A9 07 1C A3 31 
    43 16 F7 2E 9A FF B3 31 46 A6 EC 60 6E DE 42 45
    9E 4C 9B 6B 5F B0 E1 97 1C 33 85 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 8D C2 E5 F5 65 19 0A BA 69 BA
    14 29 BE 83 F4 2E 61 04 3E 1E 59 79 3C C6 D6 D8
    D0 59 D1 46 E4 D4 86 B8 D4 A0 C1 2F 3A 4C 72 F7
    F4 14 E7 CF CE 3F 5D A3 53 25 D6 7B 7B 83 AF 66
    B8 42 A7 06 79 7C 31 69 51 43 F6 83 B2 29 65 81
    F5 B0 9D 93 77 6B BA 83 52 C0 F0 68 93 AF 65 9E
    19 F2 EC 9D 9A 76 90 30 15 5F F5 B5 88 EB 89 FE
    CB DC 3A 4E D7 71 32 E3 10 FF 39 C0 C0 73 47 71
    A2 C4 07 7A 3C E2 F7 96 68 A3 C8 35 40 33 02 A5
    AA 4E CB BB AC 56 DB 98 F2 50 76 BD A7 82 6E C3
    AC 34 F4 E9 E7 87 99 43 B4 6E 94 67 F6 6C 00 00

    As you may notice this is valid signature.

    Disclaimer

    I'm not an expert at cryptography, my statements may be false or incomplete.
    2
    I'm not sure if this is an isolated problem, but I'm getting errors when I try to compile:
    Code:
    [email protected]:/Cuber-master# make
    g++ -Iinclude Cuber.cpp -o Cuber -lcrypto
    In file included from Cuber.h:7:0,
                     from Cuber.cpp:1:
    bootimg.h:108:5: error: ‘uint32_t’ does not name a type
         uint32_t insn;
         ^
    bootimg.h:109:5: error: ‘uint32_t’ does not name a type
         uint32_t res1;
         ^
    bootimg.h:110:5: error: ‘uint64_t’ does not name a type
         uint64_t text_offset;
         ^
    bootimg.h:111:5: error: ‘uint64_t’ does not name a type
         uint64_t res2;
         ^
    bootimg.h:112:5: error: ‘uint64_t’ does not name a type
         uint64_t res3;
         ^
    bootimg.h:113:5: error: ‘uint64_t’ does not name a type
         uint64_t res4;
         ^
    bootimg.h:114:5: error: ‘uint64_t’ does not name a type
         uint64_t res5;
         ^
    bootimg.h:115:5: error: ‘uint64_t’ does not name a type
         uint64_t res6;
         ^
    bootimg.h:116:5: error: ‘uint32_t’ does not name a type
         uint32_t magic_64;
         ^
    bootimg.h:117:5: error: ‘uint32_t’ does not name a type
         uint32_t res7;
         ^
    Cuber.cpp: In function ‘int main(int, char**)’:
    Cuber.cpp:18:30: error: ‘strcmp’ was not declared in this scope
      if (strcmp(argv[1], "-check") == 0 && argc == 3){
                                  ^
    Cuber.cpp:22:29: error: ‘strcmp’ was not declared in this scope
      if (strcmp(argv[1], "-sign") == 0 && argc == 4) {
                                 ^
    Cuber.cpp: In function ‘int check_image(char*)’:
    Cuber.cpp:77:41: error: ‘memcpy’ was not declared in this scope
      memcpy(hdr, image, sizeof(boot_img_hdr));
                                             ^
    Cuber.cpp:83:45: error: ‘memcmp’ was not declared in this scope
      if (memcmp((char*)hdr->magic, "ANDROID!", 8) != 0){
                                                 ^
    Cuber.cpp: In function ‘int sign_image(char*, char*)’:
    Cuber.cpp:168:45: error: ‘memcmp’ was not declared in this scope
      if (memcmp((char*)hdr->magic, "ANDROID!", 8) != 0){
                                                 ^
    Cuber.cpp:235:37: error: ‘memset’ was not declared in this scope
      memset(signature, 0, SIGNATURE_SIZE);
                                         ^
    Cuber.cpp:249:62: error: ‘memcpy’ was not declared in this scope
        memcpy(image + imagesize_actual, signature, SIGNATURE_SIZE);
                                                                  ^
    Cuber.cpp: In function ‘int verify_image(unsigned char*, unsigned char*, unsigned int)’:
    Cuber.cpp:359:42: error: ‘memcmp’ was not declared in this scope
      if (memcmp(plain_text, digest, hash_size) != 0) {
                                              ^
    Cuber.cpp: In function ‘int create_signature(unsigned char*, unsigned char*)’:
    Cuber.cpp:450:48: error: ‘memcpy’ was not declared in this scope
      memcpy(outputbuffer + offset, buffer, filesize);
                                                    ^
    Makefile:2: recipe for target 'all' failed
    make: *** [all] Error 1
    2
    What are the chances this works on Amazon's Fire phone? I just picked one up dirt cheap and I would love to flash CM on it.

    Maybe an unsigned fire phone boot image might be signed with this?

    Sent from my GT-i9100 running CM11

    Yes you can sign an image. You just need a vulnurable bootloader. The exploit was publicly fixed on 13 June and the first patched bootloader for the hdx tablets ( .3.2.4) was compiled on 20 June.
    2
Quote:
Would it be helpful if I can provide stock aboot, kernel, and recovery for it to be analyzed? I definitely would want this to work on my GS4 with a locked bootloader. Getting the tool running should not be an issue, but I needed some advice.

In the images for the Tab 4 I have seen, Samsung uses a different format for their signatures.
Maybe I could find something in the files, but I have more important things to do at the moment.

@vortox: I submitted a pull request with the help of @TheReverend403, which notably fixes the errors I was facing above and some more.

https://github.com/Verteo/Cuber/pull/2