
Root Firmware Versions

Another techie post, sorry.. ;)

Not sure there would be anything in the import table if it's COM+? Wouldn't it load it via its CLSID? I didn't notice any imports for other NPS files either.

The downloads come from fus.samsungmobile.com, so it's a logical assumption that it's the correct DLL, but not guaranteed to be right of course.

If it's definitely using FUSCrypt.dll and the Import routines don't work, it would suggest that the crypto keys are hard-coded rather than communicated to the client. Windbg might be useful whilst performing a genuine NPSMitsBinaryUpgrade.exe download if so. Might give away the secret keys...

Since my last post, I wrote a brute force checker as I described. Nothing showing up for September yet, but it did find the following August releases (all of which we already know about). The download links are useless of course as we can't decrypt the files....

Operator: O2 UK, CSC: I7500O2UIH2, Firmware: I7500XXIH6
http://fus.samsungmobile.com/Phone_Binary/6/GT-i7500I7500O2UIH2I7500XXIH6I7500XXIH6_500.zip.enc

Operator: O2 DE, CSC: I7500VIAIH4, Firmware: I7500XXIH8
http://fus.samsungmobile.com/Phone_Binary/6/GT-i7500I7500VIAIH4I7500XXIH8I7500XXIH8_500.zip.enc

Operator: Vodafone IT, CSC: I7500ITVIH2, Firmware: I7500XXIH7
http://fus.samsungmobile.com/Phone_Binary/6/GT-i7500I7500ITVIH2I7500XXIH7I7500XXIH7_500.zip.enc

All of academic interest really, rather than practical usefulness :(

Chris
 
Upvote 0
Sephail,

Good luck with that! I agree that it's difficult to believe that the strings are hardcoded, but worth a crack. I too had a moment where I saw the file decrypting and thought "I've cracked it!", only to get an invalid zip file!

Are you finding that the ImportPublicKeyBase64 and ImportSymmetricKeyBase64 methods don't work too? I captured some public keys and symmetric keys via Fiddler2 and whilst they're valid base64, it just refuses to load them. Same if I generate my own key/symmetric key, export them (ExportPublicKeyBase64 / ExportSymmetricKeyBase64) and then try and import them again. Completely refuses.

Interesting that there was an O2 UK firmware for the UK back in July. Must have been what they did their accreditation testing with (I believe it failed initially).

If nothing else we can produce a complete history of firmwares now. That kind of thing has been done by piecing together pieces of information from the community up to now.

Good luck!

Chris
 
Upvote 0
I'm no clever dude, but I couldn't even download the stuff you said; I just got this come up in my browser:
GETPUBKEY=BgIAAACkAABSU0ExAAQAAAEAAQBLkRxedbb7YE15wHuDYnVNmzD/RRXRAQ8HMu+q7fkQ7TQNckTKID3cp+rxcUBRJ9Eu2os4IL6sO++e58yZkCTAJp5Rfa5jwDQS0dtvpEXyHpwMPdT/s5RqVLmy+abiJ3BErnkoFLmhXgkBLNJWsLOC77gWyj5xi0VoUnjyALFtvQ==
 
Upvote 0
I'm no clever dude, but I couldn't even download the stuff you said; I just got this come up in my browser:
GETPUBKEY=BgIAAACkAABSU0ExAAQAAAEAAQBLkRxedbb7YE15wHuDYnVNmzD/RRXRAQ8HMu+q7fkQ7TQNckTKID3cp+rxcUBRJ9Eu2os4IL6sO++e58yZkCTAJp5Rfa5jwDQS0dtvpEXyHpwMPdT/s5RqVLmy+abiJ3BErnkoFLmhXgkBLNJWsLOC77gWyj5xi0VoUnjyALFtvQ==

Use Chrome or IE.


Wow guys, good find. I wish I could help out somehow, but I'm low-skilled when it comes to stuff like what you are talking about.

It's nice to see that you can pull a list though, and that O2 UK is there prior to this new update, if only for the CSC.
How did people obtain these software versions for use with Odin before?
 
Upvote 0
I'm no clever dude, but I couldn't even download the stuff you said; I just got this come up in my browser:
GETPUBKEY=BgIAAACkAABSU0ExAAQAAAEAAQBLkRxedbb7YE15wHuDYnVNmzD/RRXRAQ8HMu+q7fkQ7TQNckTKID3cp+rxcUBRJ9Eu2os4IL6sO++e58yZkCTAJp5Rfa5jwDQS0dtvpEXyHpwMPdT/s5RqVLmy+abiJ3BErnkoFLmhXgkBLNJWsLOC77gWyj5xi0VoUnjyALFtvQ==

Hey coipu,

That's actually quite interesting that you got that. Which web browser are you using?

Chris
 
Upvote 0
BODYR=e509iKAdVgRyfihAtWM%2BRpq5x5WMM%2Bamn55MPJpM4HQh66faOiZRF6aFsJSOH5Elns2PVLNtzlBYXbCvjL3VuDQpcBsOXg3JDROQ3irCmq62JrzpO0QXl4NYgE9f6PJmhq6G3VTiEu1WxohzOvFZ4TFwsEyM1KuorAhCIuX06pTiMV8IhsfczT1bX81SaEZtEmIkKxaMsDD7ow0K%2F%2B4sZmJeZRu3KhEdMZLx0zdTAdcuJrUTMcZCPNlXp%2BjzTkqLGWcdoL7hRNo8p9yOMpTV5A%3D%3D&MODEL=I7500VIAIH4%7EI7500XXIH8%7EI7500XXIH8&TEMPID=f3815af7260063634cbd0e69a7ccd261

TEMPID is obtained from login.php, and BODYR doesn't make any sense (to me) if you decode it. It's base64-encoded, which is easy to identify from the == at the end (urldecode it first).

It's pretty hard to understand why the secrecy: most other operators freely provide the firmwares; it's cheaper for them that way. Oh well...
 
Upvote 0
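As an added example (not code from the thread or from Samsung's tools), the Python below decodes the two responses quoted above, the GETPUBKEY line from coipu's post and the BODYR line from the post just above, and checks whether each one is a Microsoft CryptoAPI PUBLICKEYBLOB. The parameter names are taken from the posts; the helper names and the two constants are my own.

```python
import base64
import struct
from urllib.parse import unquote

# Both response bodies are copied verbatim from the posts in this thread.
GETPUBKEY_RESPONSE = "GETPUBKEY=BgIAAACkAABSU0ExAAQAAAEAAQBLkRxedbb7YE15wHuDYnVNmzD/RRXRAQ8HMu+q7fkQ7TQNckTKID3cp+rxcUBRJ9Eu2os4IL6sO++e58yZkCTAJp5Rfa5jwDQS0dtvpEXyHpwMPdT/s5RqVLmy+abiJ3BErnkoFLmhXgkBLNJWsLOC77gWyj5xi0VoUnjyALFtvQ=="
BODYR_RESPONSE = "BODYR=e509iKAdVgRyfihAtWM%2BRpq5x5WMM%2Bamn55MPJpM4HQh66faOiZRF6aFsJSOH5Elns2PVLNtzlBYXbCvjL3VuDQpcBsOXg3JDROQ3irCmq62JrzpO0QXl4NYgE9f6PJmhq6G3VTiEu1WxohzOvFZ4TFwsEyM1KuorAhCIuX06pTiMV8IhsfczT1bX81SaEZtEmIkKxaMsDD7ow0K%2F%2B4sZmJeZRu3KhEdMZLx0zdTAdcuJrUTMcZCPNlXp%2BjzTkqLGWcdoL7hRNo8p9yOMpTV5A%3D%3D&MODEL=I7500VIAIH4%7EI7500XXIH8%7EI7500XXIH8&TEMPID=f3815af7260063634cbd0e69a7ccd261"

PUBLICKEYBLOB = 0x06        # BLOBHEADER.bType for a CryptoAPI public key blob
CALG_RSA_KEYX = 0x0000A400  # BLOBHEADER.aiKeyAlg for an RSA key-exchange key


def split_params(body):
    """Split 'name=value&name=value' and url-decode each value.

    unquote() (not unquote_plus) is used on purpose: the GETPUBKEY value is
    raw base64 whose '+' characters must survive, while BODYR is %-encoded."""
    params = {}
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        params[name] = unquote(value)
    return params


def parse_capi_rsa_pubkey(blob):
    """Parse BLOBHEADER (8 bytes) + RSAPUBKEY (12 bytes) + little-endian modulus.

    Returns None when the bytes are not a PUBLICKEYBLOB carrying an 'RSA1' key."""
    if len(blob) < 20:
        return None
    btype, _version, _reserved, alg = struct.unpack_from("<BBHI", blob, 0)
    magic, bitlen, pubexp = struct.unpack_from("<4sII", blob, 8)
    if btype != PUBLICKEYBLOB or magic != b"RSA1":
        return None
    modulus = blob[20:20 + bitlen // 8]
    if len(modulus) != bitlen // 8:
        return None
    return {"alg": alg, "bits": bitlen, "e": pubexp,
            "n": int.from_bytes(modulus, "little")}


def classify(body, name):
    """Decode one parameter and say whether it is a CAPI RSA public key."""
    blob = base64.b64decode(split_params(body)[name], validate=True)
    key = parse_capi_rsa_pubkey(blob)
    if key is not None:
        return {"kind": "capi_rsa_pubkey", "size": len(blob), **key}
    return {"kind": "opaque", "size": len(blob), "first_byte": blob[0]}
```

Running `classify` over the GETPUBKEY line shows a 1024-bit RSA key with e = 65537 in CryptoAPI's PUBLICKEYBLOB layout, while BODYR has no such header and stays an opaque ciphertext-sized blob.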
Don't mean to hijack the thread, but I see some knowledgeable Galaxy firmware discussion here, and I thought someone could help me flash the original camera firmware version. In fact, I'm willing to contribute $50 for instructions on how to do that (returning the phone would be more expensive and would benefit some shipping company rather than a hacker).
 
Upvote 0
Another thought:

IF all of the software revisions use the same key, here's a way that's likely to work:
- Use NPSMitsBinaryUpgrade.exe and get to the stage where it's downloading the zip.enc
- Pause the process until it times out, or kill the net connection
- It'll ask if you want to retry. Meanwhile, set up a quick webserver and either modify the hosts file (if it does another DNS lookup) or set up an iptables rule on your router to forward the resolved IP to your webserver
- It should grab your .zip.enc instead and perform the decryption for you.

If it successfully grabs the file but can't decrypt it, this will tell us that we're going to have to decrypt the exchange between the client and fus to get the key...

Another way to do it is to flash your ROM with some old firmware, so that it will recognize the device and want to update it. After it downloads the update (h8 in that case), you don't click "next" but you replace the tar file it downloaded with the new tar file (rename it). That way it'll decrypt the file for you.
 
Upvote 0
Yes, but in this case I don't have the UK O2 CSCs (and haven't seen that anyone else does, either), so that method is not possible for when I4 becomes available (which it is not yet), unless someone who already has UK firmware does it and sends us the unencrypted .zip/.tar...

Sorry, I half stopped following the thread as it went into an area I had no idea about, lol. Is that something I could help with?

EDIT: Actually, I've just read what you were referring to; don't think I'd really wanna do that...
 
Upvote 0
