• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root ZTE ZMAX Pro (Z981) root discussion

Jump to latest Follow Reply
Status
Not open for further replies.
Sort by date Sort by votes
#1,201
scary alien said:
I'm pretty sure that every OTA sent out for Android devices are signed...there are SHA1 digests for each file inside the OTA fileset as well as the signing certificate, all contained in the META-INF folder structure.

The signing serves two purposes:

1. Allows for verification that the file actually came from the purported "official" source

2. Provides a way to guarantee that the file (.zip) and the individual files contained therein, are whole an uncorrupted

Devices with unlocked bootloaders also do have signed OTA files--its just that an unlocked bootloader will not enforce the signature checking when trying to flash/boot/install a file (amongst other things)--i.e., caveat emptor for those that unlock their device.
Click to expand...

Was just about to say the same thing. Also I'm really surprised Messi thought sig verification fails = locked bootloader.
 
Last edited:
  • Like
Reactions: scary alien
Upvote 0
#1,209
LeGiT_dIaMoNd said:
How does one catch the ota? to work on the signing issue at hand?
Click to expand...
Page44..
Screenshot_20161202-200544.png
Messi has his modded version which is probably the one you want..
 
Upvote 0
#1,215
  • Like
Reactions: Spec2nirvash, lambo352 and scary alien
Upvote 0
#1,218
Potentially Useful Info:
\META-INF\ and its contents
Please Understand How android Signing works
http://nelenkov.blogspot.com/2013/04/android-code-signing.html

So inside the update the folder \META-INF\ there are three files
  1. CERT.RSA
  2. CERT.SF
  3. MANIFEST.MF
Code Within Each:
CERT.RSA to CERT.pem Had to make it into a pem to get info from the rsa.
Code: 
subject=/C=CN/ST=Shanghai/L=Shanghai/O=ZTE/OU=Smartphone Software Dept./CN=ZTE/emailAddress=support@zte.com.cn
issuer=/C=CN/ST=Shanghai/L=Shanghai/O=ZTE/OU=Smartphone Software Dept./CN=ZTE/emailAddress=support@zte.com.cn
-----BEGIN CERTIFICATE-----
MIIErjCCA5agAwIBAgIJAOuCYND5gmZOMA0GCSqGSIb3DQEBBQUAMIGWMQswCQYD
VQQGEwJDTjERMA8GA1UECBMIU2hhbmdoYWkxETAPBgNVBAcTCFNoYW5naGFpMQww
CgYDVQQKEwNaVEUxIjAgBgNVBAsTGVNtYXJ0cGhvbmUgU29mdHdhcmUgRGVwdC4x
DDAKBgNVBAMTA1pURTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEB6dGUuY29tLmNu
MB4XDTExMDMwODA3MTM0M1oXDTM4MDcyNDA3MTM0M1owgZYxCzAJBgNVBAYTAkNO
MREwDwYDVQQIEwhTaGFuZ2hhaTERMA8GA1UEBxMIU2hhbmdoYWkxDDAKBgNVBAoT
A1pURTEiMCAGA1UECxMZU21hcnRwaG9uZSBTb2Z0d2FyZSBEZXB0LjEMMAoGA1UE
AxMDWlRFMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QHp0ZS5jb20uY24wggEgMA0G
CSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC6XMcxr5zlAnZfYCeKPgt+w4y/fmB7
SzZSJvCx4hFKKq6m9CHg60vhlVQ4gLkuKb1l+pFbJdrP8yL1YKQqSrWWDAhPcuIl
Lj3UcmzfbMRQhM4mrXf49ees2xyVZO38KjtSSBw/ygvH5PSrX6KFUqQdxVeciLga
tYYoOEpRGKZdeL+HAI0EMFssOow00jPP44IB9Vi9UiEHOqvTHVmDIdQWOmAgWXlA
36sdWsSebLzWXjm2vB6OJaPV93zxy+tym33mkduc2DHQiH6TFUr4YmtDOZJ7y3jZ
2VzJU3VViYNunm/Da0NAPYwtbyeOgr+5npV7CfzY436lqLYaAlHJjx37AgEDo4H+
MIH7MB0GA1UdDgQWBBS6NVREsJ5wGdTi/26mEwf8h2KDfzCBywYDVR0jBIHDMIHA
gBS6NVREsJ5wGdTi/26mEwf8h2KDf6GBnKSBmTCBljELMAkGA1UEBhMCQ04xETAP
BgNVBAgTCFNoYW5naGFpMREwDwYDVQQHEwhTaGFuZ2hhaTEMMAoGA1UEChMDWlRF
MSIwIAYDVQQLExlTbWFydHBob25lIFNvZnR3YXJlIERlcHQuMQwwCgYDVQQDEwNa
VEUxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAenRlLmNvbS5jboIJAOuCYND5gmZO
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKSJA12gqyhorPk0EkHN
gUTLJoytol5SHPksdhbMjTOTEsaPiOVQZ0sHk9JDPoXRJlZvLXIvZCtzG+YCjpF8
Gv/uK47jHJsBG5L9LyI/LNctPOTefj3aBQklLxUgeblaaK2AFGb+ygmX8plGSwOz
9p4mgr8UQtPsdXP6gxEejI3oZ8Bz4HmttL+GwabCZAxuF9O2Z4vX1oCYbAVLAKz+
SUoMVXY9hzSa/Ttx+HeH0oHPXdZ0A2VyxpLiFIXdbdC9zWjB8AGQgmYINDHlQRG4
hPH9+NppDljxd19T1cEzkFERFEI8dWkTCaE8mRNQfShSt7N3vW+kfELq8rlkvDMW
9JM=
-----END CERTIFICATE-----
CERT.SF
Code: 
Signature-Version: 1.0
SHA1-Digest-Manifest: b1on4WOzKdxRtA7NwjMs6HXxrpQ=
Created-By: 1.0 (Android SignApk)

Name: META-INF/com/google/android/updater-script
SHA1-Digest-Manifest: qX1srb3fDGKhGe+1kGi0RIRZj2E=

Name: patch/recovery.img.p
SHA1-Digest-Manifest: z8tyy4KD05Hjtk5hpCEZVklvmuE=

Name: META-INF/com/android/otacert
SHA1-Digest-Manifest: v/aWOVpZo3UMWFyYl+aXq32OKdA=

Name: META-INF/com/google/android/update-binary
SHA1-Digest-Manifest: 7S3ALd30t3c0tB+GLyM9Vdzg5ps=

Name: patch/hyp.mbn.p
SHA1-Digest-Manifest: cyE8G1fr9sxdmKE28yLfrkcqpks=

Name: system.patch.dat
SHA1-Digest-Manifest: HV1Xx61RsDEwETluo0kmzf6IF64=

Name: patch/fingerid.mbn.p
SHA1-Digest-Manifest: Dyzj2V2C5DMxFLLxIVOUbhgRR7I=

Name: patch/tz.mbn.p
SHA1-Digest-Manifest: oNTqNvuKRfDQkq+bgGB0k6xiDrQ=

Name: system.transfer.list
SHA1-Digest-Manifest: Wiw4pCKgbXf6miM1pdQl2q+aFTA=

Name: patch/boot.img.p
SHA1-Digest-Manifest: kSXaSHHS9fPdGuGR1pKNLuwGLJ4=

Name: system.new.dat
SHA1-Digest-Manifest: 3JnPmUkBkc2sDTrrZAjUckN0GVQ=

Name: patch/NON-HLOS.bin.p
SHA1-Digest-Manifest: iWuFb8t4ZiNMGeAMpcFVVaEwINE=

Name: META-INF/com/android/metadata
SHA1-Digest-Manifest: 0xAoSoK8CSXden9T9wdJDEzm1Sk=

Name: adspso.bin
SHA1-Digest-Manifest: ODwrM+YxhLOyVk9mdWv+y9AgBzg=

Name: patch/emmc_appsboot.mbn.p
SHA1-Digest-Manifest: Adus9fFpGl2w5F9QFWDXTwfV0ek=

Name: cmnlib.mbn
SHA1-Digest-Manifest: u8p/wnQvLsRdhys4N6HBxSAwZFE=

Name: patch/keymaster.mbn.p
SHA1-Digest-Manifest: 2BEnvDg7vskRHk6GU1ZRanjLeHM=

Name: patch/rpm.mbn.p
SHA1-Digest-Manifest: tCCHfy+/Cgw4lGD/vP5DnU0qPiY=

Name: patch/sbl1.mbn.p
SHA1-Digest-Manifest: s8LJRRr6T0af90kVXRTe82pUPY0=
MANIFEST.MF
Code: 
Manifest-Version: 1.0
Created-By: 1.0 (Android SignApk)

Name: META-INF/com/google/android/updater-script
SHA1-Digest: jS8ZM4SHvw5v05kTt095tTlYsJs=

Name: patch/recovery.img.p
SHA1-Digest: UVWXEIAtxsbz7PONI2V4F1S6XJ8=

Name: META-INF/com/android/otacert
SHA1-Digest: EiHYt21KYr1jCrUKAs4TQdT6+5c=

Name: META-INF/com/google/android/update-binary
SHA1-Digest: xNLR16rU6795hSE4pI1Nw00k/0A=

Name: patch/hyp.mbn.p
SHA1-Digest: 5xeosu4RuK1U36A6PDcw20CWOGM=

Name: system.patch.dat
SHA1-Digest: 6Z63G1Hl5DXTlKa9tTnsWAAI7Vw=

Name: patch/fingerid.mbn.p
SHA1-Digest: LtG/LahiOT61IzcujuTmkiP88Y8=

Name: patch/tz.mbn.p
SHA1-Digest: iIg7emDY9R1Do4ImK6k26yUGsNE=

Name: system.transfer.list
SHA1-Digest: oW0aYCOiShlRgbBOOGvvNhbaFac=

Name: patch/boot.img.p
SHA1-Digest: Msilp9pOpAXglMsNJE4R6NKSaW0=

Name: system.new.dat
SHA1-Digest: 6gog712ePYwFQrW4yfY9Wdkpf+k=

Name: patch/NON-HLOS.bin.p
SHA1-Digest: Syk/OS4ptDhtYl1147fKEsZhoNA=

Name: META-INF/com/android/metadata
SHA1-Digest: /fMZCDkUMTsfyKyt4SXwHlNsIFU=

Name: adspso.bin
SHA1-Digest: gE9pNRnQs0v1n0d0PlkMIyixJic=

Name: patch/emmc_appsboot.mbn.p
SHA1-Digest: uUvso1ROzCsL2nGf5yjqpLCiAIM=

Name: cmnlib.mbn
SHA1-Digest: tEIA0IXACDm60gVqALS8nZs+Z9w=

Name: patch/keymaster.mbn.p
SHA1-Digest: p5YmYkxoYy+QYRy+BZKMXM5ljnc=

Name: patch/rpm.mbn.p
SHA1-Digest: iTf3zbMlCDD57L4o7FObZSgZH48=

Name: patch/sbl1.mbn.p
SHA1-Digest: pZ6YZmbmUeUYrmQGNdCloi2XqFI=

META-INF\com\android
Again List of files | these files have no
extensions
metadata
otacert

metadata
Code: 
post-build=ZTE/P895T20_MPCS/urd:6.0.1/MMB29M/20161030.150238:user/release-keys
post-timestamp=1477811841
pre-build=ZTE/P895T20_MPCS/urd:6.0.1/MMB29M/20160622.141326:user/release-keys
pre-device=urd

otacert
Code: 
-----BEGIN CERTIFICATE-----
MIIErjCCA5agAwIBAgIJAOuCYND5gmZOMA0GCSqGSIb3DQEBBQUAMIGWMQswCQYD
VQQGEwJDTjERMA8GA1UECBMIU2hhbmdoYWkxETAPBgNVBAcTCFNoYW5naGFpMQww
CgYDVQQKEwNaVEUxIjAgBgNVBAsTGVNtYXJ0cGhvbmUgU29mdHdhcmUgRGVwdC4x
DDAKBgNVBAMTA1pURTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEB6dGUuY29tLmNu
MB4XDTExMDMwODA3MTM0M1oXDTM4MDcyNDA3MTM0M1owgZYxCzAJBgNVBAYTAkNO
MREwDwYDVQQIEwhTaGFuZ2hhaTERMA8GA1UEBxMIU2hhbmdoYWkxDDAKBgNVBAoT
A1pURTEiMCAGA1UECxMZU21hcnRwaG9uZSBTb2Z0d2FyZSBEZXB0LjEMMAoGA1UE
AxMDWlRFMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QHp0ZS5jb20uY24wggEgMA0G
CSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC6XMcxr5zlAnZfYCeKPgt+w4y/fmB7
SzZSJvCx4hFKKq6m9CHg60vhlVQ4gLkuKb1l+pFbJdrP8yL1YKQqSrWWDAhPcuIl
Lj3UcmzfbMRQhM4mrXf49ees2xyVZO38KjtSSBw/ygvH5PSrX6KFUqQdxVeciLga
tYYoOEpRGKZdeL+HAI0EMFssOow00jPP44IB9Vi9UiEHOqvTHVmDIdQWOmAgWXlA
36sdWsSebLzWXjm2vB6OJaPV93zxy+tym33mkduc2DHQiH6TFUr4YmtDOZJ7y3jZ
2VzJU3VViYNunm/Da0NAPYwtbyeOgr+5npV7CfzY436lqLYaAlHJjx37AgEDo4H+
MIH7MB0GA1UdDgQWBBS6NVREsJ5wGdTi/26mEwf8h2KDfzCBywYDVR0jBIHDMIHA
gBS6NVREsJ5wGdTi/26mEwf8h2KDf6GBnKSBmTCBljELMAkGA1UEBhMCQ04xETAP
BgNVBAgTCFNoYW5naGFpMREwDwYDVQQHEwhTaGFuZ2hhaTEMMAoGA1UEChMDWlRF
MSIwIAYDVQQLExlTbWFydHBob25lIFNvZnR3YXJlIERlcHQuMQwwCgYDVQQDEwNa
VEUxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAenRlLmNvbS5jboIJAOuCYND5gmZO
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKSJA12gqyhorPk0EkHN
gUTLJoytol5SHPksdhbMjTOTEsaPiOVQZ0sHk9JDPoXRJlZvLXIvZCtzG+YCjpF8
Gv/uK47jHJsBG5L9LyI/LNctPOTefj3aBQklLxUgeblaaK2AFGb+ygmX8plGSwOz
9p4mgr8UQtPsdXP6gxEejI3oZ8Bz4HmttL+GwabCZAxuF9O2Z4vX1oCYbAVLAKz+
SUoMVXY9hzSa/Ttx+HeH0oHPXdZ0A2VyxpLiFIXdbdC9zWjB8AGQgmYINDHlQRG4
hPH9+NppDljxd19T1cEzkFERFEI8dWkTCaE8mRNQfShSt7N3vW+kfELq8rlkvDMW
9JM=
-----END CERTIFICATE-----
META-INF\com\google\android

Again List of files | these files have no
extensions
updater-binary
updater-script
updater-binary
NOT SURE HOW TO DECODE OR VIEW BINARY's
updater-script
Code: 
getprop("ro.product.device") == "urd" || abort("This package is for \"urd\" devices; this is a \"" + getprop("ro.product.device") + "\".");
assert(getprop("ro.product.name") == "P895T20_MPCS");
ui_print("Source: ZTE/P895T20_MPCS/urd:6.0.1/MMB29M/20160622.141326:user/release-keys");
ui_print("Target: ZTE/P895T20_MPCS/urd:6.0.1/MMB29M/20161030.150238:user/release-keys");
ui_print("Verifying current system...");
getprop("ro.build.fingerprint") == "ZTE/P895T20_MPCS/urd:6.0.1/MMB29M/20160622.141326:user/release-keys" ||
    getprop("ro.build.fingerprint") == "ZTE/P895T20_MPCS/urd:6.0.1/MMB29M/20161030.150238:user/release-keys" ||
    abort("Package expects build fingerprint of ZTE/P895T20_MPCS/urd:6.0.1/MMB29M/20160622.141326:user/release-keys or ZTE/P895T20_MPCS/urd:6.0.1/MMB29M/20161030.150238:user/release-keys; this device has " + getprop("ro.build.fingerprint") + ".");
show_progress(0.400000, 180);
apply_patch_check("EMMC:/dev/block/bootdevice/by-name/keymaster:177568:3ce6072b9916ed474b0894df8ca065bfdecf8f1e:177568:35f8381525ab8c92d575e17f181081b8a0067f44", "3ce6072b9916ed474b0894df8ca065bfdecf8f1e", "35f8381525ab8c92d575e17f181081b8a0067f44") || abort("\"EMMC:/dev/block/bootdevice/by-name/keymaster:177568:3ce6072b9916ed474b0894df8ca065bfdecf8f1e:177568:35f8381525ab8c92d575e17f181081b8a0067f44\" has unexpected contents.");
apply_patch_check("EMMC:/dev/block/bootdevice/by-name/fingerid:32852:068ac7141e4f542f152de1a73c2538261cf60ba6:32852:3b7cb8f151cffec7653fe829024e72744fdee033", "068ac7141e4f542f152de1a73c2538261cf60ba6", "3b7cb8f151cffec7653fe829024e72744fdee033") || abort("\"EMMC:/dev/block/bootdevice/by-name/fingerid:32852:068ac7141e4f542f152de1a73c2538261cf60ba6:32852:3b7cb8f151cffec7653fe829024e72744fdee033\" has unexpected contents.");
apply_patch_check("EMMC:/dev/block/bootdevice/by-name/rpm:166088:b401574da32636f9395ce3964eb1ba23fb5a0f5f:166088:9f41eb1cfad9b56a76617e079f6cd9bf44dfa8ec", "b401574da32636f9395ce3964eb1ba23fb5a0f5f", "9f41eb1cfad9b56a76617e079f6cd9bf44dfa8ec") || abort("\"EMMC:/dev/block/bootdevice/by-name/rpm:166088:b401574da32636f9395ce3964eb1ba23fb5a0f5f:166088:9f41eb1cfad9b56a76617e079f6cd9bf44dfa8ec\" has unexpected contents.");
apply_patch_check("EMMC:/dev/block/bootdevice/by-name/modem:76438016:de3acc0716a8053819b0bb50c02bb1da796da7a0:76585472:87747dc9371cc6503ac340fb55cf27a34b1dda36", "de3acc0716a8053819b0bb50c02bb1da796da7a0", "87747dc9371cc6503ac340fb55cf27a34b1dda36") || abort("\"EMMC:/dev/block/bootdevice/by-name/modem:76438016:de3acc0716a8053819b0bb50c02bb1da796da7a0:76585472:87747dc9371cc6503ac340fb55cf27a34b1dda36\" has unexpected contents.");
apply_patch_check("EMMC:/dev/block/bootdevice/by-name/tz:632644:fbcf8dbae397d91f6f4fc5d6f4160880d36ab43b:632644:07023648051d47bb91463bb3a562dd6a5c2a384c", "fbcf8dbae397d91f6f4fc5d6f4160880d36ab43b", "07023648051d47bb91463bb3a562dd6a5c2a384c") || abort("\"EMMC:/dev/block/bootdevice/by-name/tz:632644:fbcf8dbae397d91f6f4fc5d6f4160880d36ab43b:632644:07023648051d47bb91463bb3a562dd6a5c2a384c\" has unexpected contents.");
apply_patch_check("EMMC:/dev/block/bootdevice/by-name/hyp:73728:eeb375641b66b96dc0336d0abd78e0f8e9b22e95:73728:1c2079d70a233d6117685920aeb3e909362bfbab", "eeb375641b66b96dc0336d0abd78e0f8e9b22e95", "1c2079d70a233d6117685920aeb3e909362bfbab") || abort("\"EMMC:/dev/block/bootdevice/by-name/hyp:73728:eeb375641b66b96dc0336d0abd78e0f8e9b22e95:73728:1c2079d70a233d6117685920aeb3e909362bfbab\" has unexpected contents.");
apply_patch_check("EMMC:/dev/block/bootdevice/by-name/sbl1:321952:7bbc1a2d7fd68ef08c3c036dded254459e083453:322976:abf067334f85bb7854b7241e973e884fc3b7ce7f", "7bbc1a2d7fd68ef08c3c036dded254459e083453", "abf067334f85bb7854b7241e973e884fc3b7ce7f") || abort("\"EMMC:/dev/block/bootdevice/by-name/sbl1:321952:7bbc1a2d7fd68ef08c3c036dded254459e083453:322976:abf067334f85bb7854b7241e973e884fc3b7ce7f\" has unexpected contents.");
apply_patch_check("EMMC:/dev/block/bootdevice/by-name/aboot:891516:89f232cdc51a357933466f9e53b9c32e26e3c59b:902616:f689e5d837c772053fa3f9c344a521d8083b76e6", "89f232cdc51a357933466f9e53b9c32e26e3c59b", "f689e5d837c772053fa3f9c344a521d8083b76e6") || abort("\"EMMC:/dev/block/bootdevice/by-name/aboot:891516:89f232cdc51a357933466f9e53b9c32e26e3c59b:902616:f689e5d837c772053fa3f9c344a521d8083b76e6\" has unexpected contents.");
apply_patch_check("EMMC:/dev/block/bootdevice/by-name/boot:35087544:532a00dec3cd779ede9c48a935de00a860cbe953:35312824:60a0891fdb09b392cc85ae1541e08a72f87c166a", "532a00dec3cd779ede9c48a935de00a860cbe953", "60a0891fdb09b392cc85ae1541e08a72f87c166a") || abort("\"EMMC:/dev/block/bootdevice/by-name/boot:35087544:532a00dec3cd779ede9c48a935de00a860cbe953:35312824:60a0891fdb09b392cc85ae1541e08a72f87c166a\" has unexpected contents.");
apply_patch_check("EMMC:/dev/block/bootdevice/by-name/recovery:33338556:c8f1b92d125277898c5a6deca3a541b126d919c9:33561788:1ea424ce307870c3fdd1577b2bd36bd08cfc70c4", "c8f1b92d125277898c5a6deca3a541b126d919c9", "1ea424ce307870c3fdd1577b2bd36bd08cfc70c4") || abort("\"EMMC:/dev/block/bootdevice/by-name/recovery:33338556:c8f1b92d125277898c5a6deca3a541b126d919c9:33561788:1ea424ce307870c3fdd1577b2bd36bd08cfc70c4\" has unexpected contents.");
if (range_sha1("/dev/block/bootdevice/by-name/system", "98,1,32770,32961,32963,33471,65535,65536,65538,66046,98303,98304,98306,98497,98499,99007,131071,131072,131074,131582,163839,163840,163842,164033,164035,164543,196607,196608,196610,197118,229375,229376,229378,229569,229571,230079,262143,262144,262146,262654,294911,294912,294914,295105,295107,295615,327679,327680,327682,328190,360447,360448,360450,360958,393215,393216,393218,393726,425983,425984,425986,426494,458751,458752,458754,459262,491519,491520,491522,492030,524287,524288,524290,524798,557055,557056,557058,557566,589823,589824,589826,590334,622200,622592,622594,623102,633814,655360,655362,688128,688130,720896,720898,753664,753666,754174,780230,780231,786384") == "55e6914bdff2cb175d56aa068f1ed5927b6a25f1" || block_image_verify("/dev/block/bootdevice/by-name/system", package_extract_file("system.transfer.list"), "system.new.dat", "system.patch.dat")) then
ui_print("Verified system image...");
else
abort("system partition has unexpected contents");
endif;

# ---- start making changes here ----

ui_print("Patching system image after verification.");
show_progress(0.550000, 0);
block_image_update("/dev/block/bootdevice/by-name/system", package_extract_file("system.transfer.list"), "system.new.dat", "system.patch.dat") ||
    abort("Failed to update system image.");
show_progress(0.050000, 10);
ui_print("Patching keymaster.mbn image...");
apply_patch("EMMC:/dev/block/bootdevice/by-name/keymaster:177568:3ce6072b9916ed474b0894df8ca065bfdecf8f1e:177568:35f8381525ab8c92d575e17f181081b8a0067f44",
            "-", 35f8381525ab8c92d575e17f181081b8a0067f44, 177568,
            3ce6072b9916ed474b0894df8ca065bfdecf8f1e, package_extract_file("patch/keymaster.mbn.p"));
ui_print("Patching fingerid.mbn image...");
apply_patch("EMMC:/dev/block/bootdevice/by-name/fingerid:32852:068ac7141e4f542f152de1a73c2538261cf60ba6:32852:3b7cb8f151cffec7653fe829024e72744fdee033",
            "-", 3b7cb8f151cffec7653fe829024e72744fdee033, 32852,
            068ac7141e4f542f152de1a73c2538261cf60ba6, package_extract_file("patch/fingerid.mbn.p"));
ui_print("Patching adspso.bin image...");
package_extract_file("adspso.bin", "/dev/block/bootdevice/by-name/dsp");
ui_print("Patching rpm.mbn image...");
apply_patch("EMMC:/dev/block/bootdevice/by-name/rpm:166088:b401574da32636f9395ce3964eb1ba23fb5a0f5f:166088:9f41eb1cfad9b56a76617e079f6cd9bf44dfa8ec",
            "-", 9f41eb1cfad9b56a76617e079f6cd9bf44dfa8ec, 166088,
            b401574da32636f9395ce3964eb1ba23fb5a0f5f, package_extract_file("patch/rpm.mbn.p"));
ui_print("Patching NON-HLOS.bin image...");
apply_patch("EMMC:/dev/block/bootdevice/by-name/modem:76438016:de3acc0716a8053819b0bb50c02bb1da796da7a0:76585472:87747dc9371cc6503ac340fb55cf27a34b1dda36",
            "-", 87747dc9371cc6503ac340fb55cf27a34b1dda36, 76585472,
            de3acc0716a8053819b0bb50c02bb1da796da7a0, package_extract_file("patch/NON-HLOS.bin.p"));
ui_print("Patching tz.mbn image...");
apply_patch("EMMC:/dev/block/bootdevice/by-name/tz:632644:fbcf8dbae397d91f6f4fc5d6f4160880d36ab43b:632644:07023648051d47bb91463bb3a562dd6a5c2a384c",
            "-", 07023648051d47bb91463bb3a562dd6a5c2a384c, 632644,
            fbcf8dbae397d91f6f4fc5d6f4160880d36ab43b, package_extract_file("patch/tz.mbn.p"));
ui_print("Patching hyp.mbn image...");
apply_patch("EMMC:/dev/block/bootdevice/by-name/hyp:73728:eeb375641b66b96dc0336d0abd78e0f8e9b22e95:73728:1c2079d70a233d6117685920aeb3e909362bfbab",
            "-", 1c2079d70a233d6117685920aeb3e909362bfbab, 73728,
            eeb375641b66b96dc0336d0abd78e0f8e9b22e95, package_extract_file("patch/hyp.mbn.p"));
ui_print("Patching sbl1.mbn image...");
apply_patch("EMMC:/dev/block/bootdevice/by-name/sbl1:321952:7bbc1a2d7fd68ef08c3c036dded254459e083453:322976:abf067334f85bb7854b7241e973e884fc3b7ce7f",
            "-", abf067334f85bb7854b7241e973e884fc3b7ce7f, 322976,
            7bbc1a2d7fd68ef08c3c036dded254459e083453, package_extract_file("patch/sbl1.mbn.p"));
ui_print("Patching emmc_appsboot.mbn image...");
apply_patch("EMMC:/dev/block/bootdevice/by-name/aboot:891516:89f232cdc51a357933466f9e53b9c32e26e3c59b:902616:f689e5d837c772053fa3f9c344a521d8083b76e6",
            "-", f689e5d837c772053fa3f9c344a521d8083b76e6, 902616,
            89f232cdc51a357933466f9e53b9c32e26e3c59b, package_extract_file("patch/emmc_appsboot.mbn.p"));
ui_print("Patching cmnlib.mbn image...");
package_extract_file("cmnlib.mbn", "/dev/block/bootdevice/by-name/cmnlib");
ui_print("Patching boot image...");
apply_patch("EMMC:/dev/block/bootdevice/by-name/boot:35087544:532a00dec3cd779ede9c48a935de00a860cbe953:35312824:60a0891fdb09b392cc85ae1541e08a72f87c166a",
            "-", 60a0891fdb09b392cc85ae1541e08a72f87c166a, 35312824,
            532a00dec3cd779ede9c48a935de00a860cbe953, package_extract_file("patch/boot.img.p"));
ui_print("Patching recovery image...");
apply_patch("EMMC:/dev/block/bootdevice/by-name/recovery:33338556:c8f1b92d125277898c5a6deca3a541b126d919c9:33561788:1ea424ce307870c3fdd1577b2bd36bd08cfc70c4",
            "-", 1ea424ce307870c3fdd1577b2bd36bd08cfc70c4, 33561788,
            c8f1b92d125277898c5a6deca3a541b126d919c9, package_extract_file("patch/recovery.img.p"));
set_progress(1.000000);
Learn How to read/write these types of scripts
http://forum.xda-developers.com/showpost.php?p=25136429&postcount=2

This May Be Important to you people trying to bypass and inject files
 
  • Like
Reactions: nino44 and lambo352
Upvote 0
#1,221
JIMMYHENDRIX said:
I don't think this phone is gonna get root :(
Click to expand...

Look im not a mod or anything but i just need to say this, when you come on a thread and tell thousands of users that have been using their spare time to not only test and research for bugs but have also took time to log in and share what they have found, coming in here and posting a negative comment like that is tant amount to a spoiled kid jumping up and down and saying, "why dont i have what i want right now." im not being a d!ck im just saying negative comments like those is like a slap in the face to progress and time. Invested. If the time frame that this model takes for R&D to get root doesnt fit ur expectations i suggest you come up with some leads or create your own exploit.

Once again im really not being overly harsh. I just have been on these forums for a week and the comradary i have seen im just this one thread alone is enough to seal the deal for me that we will get root. Findijg bugs and then creating exploits is only the end part of development, there are numerous variables that go into every model. So before you give up remember that this kind of work is what has made android great. You litterally can click one Damn button and get root on hundreds of models, but a lot of people forget that behind that are devs and a community that bust their ass to make end users have that luxury.

Just a rant from another sys admin (Me) who daily gets asked why things arent done quick enough from his boss that might as well be cracking a whip with his out of Touch understanding of what i do for his company fml lol.
 
  • Like
Reactions: SimplyIonian, Meechieduzit, Cesar999 and 6 others
Upvote 0
#1,223
@scary alien - what about setting up a decoy server that will act as a signing server with tools like sslstrip or mitmf (man in the middle framework) i think there could maybe be a way to setup a server masquerading as the sig ing server that will just by default not even check the validity of the hashes but just give a "all ok" to the phone by using a web proxy that tampers all requests gpjng in or out allowing editing of the conditions in real timw (burp suite for example or fiddler) in essence bypassing the checks. And allowing the files to be dumped or at least give the oppurtunity to get some information by sniffing the data that goes to the phone and server when that condition is met in real situations.
 
  • Like
Reactions: lambo352
Upvote 0
#1,225
Matt Addy said:
Okay I've made a discovery in the developers options. There is a mode called OEM unlocking which allows bootloader to be unlocked. I'm about to try it myself.
Click to expand...

As stated i other posts that doesnt do what ur thinking its completely up to the devs as to what options that switch actually does. And. As stated earlier again we wouldnt have a thread going on for almost 60 pages if it was as simple as checking a switch in dev options.

I know that switch is kinda misleading but these are the facts right now. Keep ideas coming in tho we can use as many people as possible on this.
 
  • Like
Reactions: scary alien
Upvote 0
Status
Not open for further replies.

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones

Best Android Phones

See All
  1. Google Pixel 8 Pro Check Price
  2. Samsung Galaxy S23 Ultra Check Price
  3. Samsung Galaxy Z Fold5 Check Price
  4. Google Pixel 8 Check Price
  5. Samsung Galaxy S23 Check Price

Upcoming

See All
  1. Samsung Galaxy S24 Early Access

Best iPhones

See All
  1. Apple iPhone 15 Pro Max Check Price
  2. Apple iPhone 15 Pro Check Price
  3. Apple iPhone 15 Plus Check Price
  4. Apple iPhone 15 Check Price
  5. Apple iPhone SE (2022) Check Price

Upcoming

See All
  1. Apple iPhone 16 Early Access

Tablets

Best Tablets

See All
  1. Samsung Galaxy Tab S9 Ultra Check Price
  2. Apple iPad Pro (2022) Check Price
  3. Apple iPad Air (2022) Check Price
  4. Apple iPad Mini (2021) Check Price
  5. Microsoft Surface Pro 9 Check Price

Upcoming

See All
  1. Apple iPad Air 6 Early Access
  2. Apple iPad Fold Early Access

Laptops

Best Laptops

See All
  1. Apple Macbook Pro Check Price
  2. Apple Macbook Air (2023) Check Price
  3. Dell XPS 13 Check Price
  4. Acer Chromebook Spin 714 Check Price
  5. Dell Alienware m18 (2022) Check Price

Upcoming

See All
  1. Microsoft Surface Laptop 6 Early Access
  2. Microsoft Surface Pro 10 Early Access

Televisions

Best TVs

See All
  1. Samsung The Frame TV Check Price
  2. Samsung Neo QLED 4K QN90C Check Price
  3. LG G3 OLED Check Price
  4. LG A2 OLED Check Price
  5. ROKU Plus Series Check Price
  6. Samsung S90C OLED Check Price
  7. SunBriteTV Veranda 3 Check Price

Upcoming

See All
  1. Hisense 110UX ULED X TV Early Access

Game Consoles

Best Game Consoles

See All
  1. Nintendo Switch OLED Check Price
  2. Microsoft XBOX Series X Check Price
  3. Sony Playstation 5 Check Price
  4. Microsoft XBOX Series S Check Price
  5. Nintendo Switch Lite Check Price

Upcoming

See All
  1. Nintendo Switch 2 Early Access

Wearables

Best Wearables

See All
  1. Oura Ring 3 Check Price
  2. Apple Watch Series 9 Check Price
  3. Google Pixel Watch 2 Check Price
  4. Samsung Galaxy Watch 6 Classic Check Price
  5. Fitbit Inspire 3 Check Price
  6. Amazfit Amazfit Band 7 Check Price
  7. Apple Watch SE Check Price
  8. Apple Watch Ultra 2 Check Price

Upcoming

See All
  1. Samsung Galaxy Watch 7 Early Access

Smart Home

Smart Home Tech

See All
  1. Amazon Echo (4th Gen) Check Price
  2. Schlage Encode Smart Lock Check Price
  3. Amazon Blink Smart Cameras Check Price
  4. Google Nest Thermostat Check Price
  5. Phillips Hue Smart Lights Check Price

Upcoming

See All
  1. Apple Homepod Vision Early Access

Similar threads

IAmHuman
Help Motorola G5S oem_locked
Replies
6
Views
5K
Smartphones
StevenRaccoon
StevenRaccoon
U
What is the correct thread-safe way to access shared resource?
Replies
3
Views
867
Android Development
uavengineer
U
Upvote 0
Samsung
  • Suggestion
[Interview] Elevating the PC Experience: Samsung and Intel Explore the Galaxy Book4 Series and Future of AI PCs
Replies
0
Views
130
Breaking News
Samsung
Samsung
N
[MTK][Root] TCL 20 XE 5087Z Root and Unlock Bootloader Guide
Replies
1
Views
9K
Rooting
Nostii
N
dan97520
Can't connect Pixel 7 Pro to PC (Windows 11)
Replies
14
Views
7K
Rooting
hstroph
hstroph
Top Bottom
Back
Jump to latest Follow Reply
Jump to latest Follow Reply