So I've been trying to find a workaround to at least restore my backup. I have a full backup of the 7040T that I created before I messed with stuff. I need to get my phone back up to get much further. I managed to get ahold of an OTA update for the 7040N. An OTA update for the 7040T might bring my phone back up, but so far no one is posting it, even though one became available in the beginning of Nov 2015.
I have a plan or at least a possible way we could get in this phone. My idea is to use the OTA update that is signed correctly and passes e3 recovery verification. Take it and add a modified recovery by replacing the recovery.img in the OTA with the new one. The question is how to do this and not break the signature. Not likely to happen. I do wonder if the Command: {"/sbin/recovery"} the recovery.sh could be changed to not check for the signature.
I'm downloading the AOSP source to try some tests. I have the keys file that is called here by this command shown in the recovery.log:
I:read key e=3 hash=20
I:1 key(s) loaded from /res/keys
I also have the releasekey.x509.pem that is used to sign the file by the developer.
But I don't have the releasekey.pk8, the developer PRIVATE key.
I'm going to make my own releasekey.pk8 and try to use it and releasekey.x509.pem to re-sign the update and see what happens.
I expect it will fail. I'm just curious if I use the keys found in the keyfile in the pk8 if it might take.
The other test is to use the releasekey.x509.pem and the AOSP platform.pk8. If the developer got lazy and used the stock .pk8 key we would be golden. I expect this will fail as well.
I've been investigating if there is a way to pull the .pk8 key from the device or from the public half of the keys, but I have not found a method yet.
The only other thing I can think of is to create completely new keys, platform.x509.pem and platform.pk8, and take the new OTA.zip and replace the one on the phone with the newly created one. But I'm fearful that the apks may go nuts and crash, not really sure. At any rate, if that certificate can be replaced then we could sign our own updates. As far as the apps, we could do the same: take my full backup and re-sign all the apks with the new key, then reload the whole system, provided the new signature will pass the recovery. In theory it seems it would work that way.
Ideas Anyone???
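Added example, not part of the original post and not AOSP code: a simplified model of the check behind the `e=3 hash=20` log line, showing what a verifier that holds only the public half of the key accepts and rejects. It assumes `hash=20` means a 20-byte SHA-1 digest and reduces the signature to bare RSA PKCS#1 v1.5 over the payload; the toy keys, payload strings and function names are constructed for illustration.

```python
import hashlib

# DER header PKCS#1 v1.5 places before a SHA-1 digest (RFC 8017, section 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
E = 3  # public exponent, as in the "e=3" log line

def make_key(p, q):
    """Toy RSA key (n, d); p and q must be 2 mod 3 so that e=3 is invertible."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def encode(data, size):
    """EMSA-PKCS1-v1_5 encoding of SHA-1(data), padded to `size` bytes."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    return b"\x00\x01" + b"\xff" * (size - len(t) - 3) + b"\x00" + t

def sign(data, key):
    """Needs the private exponent d, i.e. the part a .pk8 file would hold."""
    n, d = key
    size = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(encode(data, size), "big"), d, n)

def verify(data, sig, n):
    """Needs only the public modulus n, i.e. what the device stores."""
    size = (n.bit_length() + 7) // 8
    return pow(sig, E, n).to_bytes(size, "big") == encode(data, size)

# Constructed toy keys built from well-known primes (factors are public, so
# these are insecure by design and stand in for real 2048-bit keys).
DEV_KEY = make_key(2**448 - 2**224 - 1, 2**192 - 2**64 - 1)
OWN_KEY = make_key(2**384 - 2**128 - 2**96 + 2**32 - 1, 2**130 - 5)
TRUSTED_N = DEV_KEY[0]  # assumption: the one public key the verifier trusts

# Constructed stand-ins for package contents, not a real OTA layout.
OTA = b"boot.img|recovery.img(stock)|system.patch"
MODIFIED = b"boot.img|recovery.img(modified)|system.patch"

def scenarios():
    dev_sig = sign(OTA, DEV_KEY)
    own_sig = sign(MODIFIED, OWN_KEY)
    return {
        "original package, original signature": verify(OTA, dev_sig, TRUSTED_N),
        "modified package, original signature": verify(MODIFIED, dev_sig, TRUSTED_N),
        "modified package, signed with own key": verify(MODIFIED, own_sig, TRUSTED_N),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```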