How does ServiceMenu.apk get the bootloader state? And how do other apps read DRM keys? I mean, I've decompiled ServiceMenu.apk and still can't understand it... where does it read it from? If we know that, we can simulate normal DRM keys.
I rooted the LG Nitro HD and did some stuff. Since my phone couldn't activate visual voicemail, I decided to hard reset the phone. Since then my home button stopped working. It still vibrates when I press the button but nothing happens.
Still happening?
Might need to know what "did some stuff" means. Did you delete anything? Install an alternate launcher?
Um, I think I messed up with nobloat. I did a hard reset and my backups were gone. I think I need a backup from someone of all of their system apps for the Nitro.
I think this will help, not sure: http://forum.xda-developers.com/showthread.php?t=1389041
Any more help? How can I use the image to restore my phone?
If you can connect to your phone with adb from your computer then you have a chance. adb allows you to remount your system partition in read/write mode, which should allow you to overwrite your files with ones from someone else's phone. Never tried it and it could make your phone even worse... or it could fix it?
Um, so how do I do that? Can you explain it to me?
Hi All
I am one of the bricked A100 owners (http://forum.xda-developers.com/showpost.php?p=25230026&postcount=57). As detailed in the forum, I tried with EUU and stumbled into the wrong cpuid like others.
In search of a way out, I stumbled upon some details from NVIDIA (http://nv-tegra.nvidia.com/gitweb/?...in;h=4c92e4f2ac11913c4ba19d3ffc1be0f5ae8c4ca6). According to this:
- fuses can be read/written via sysfs entries.
- fuse sysfs entries will be present under /sys/firmware/fuse
I also saw some details and tables about 128-bit crypt key generation here:
http://nv-tegra.nvidia.com/gitweb/?...d;hb=ac09952babed8e2ac6999127b7f95d7a2bbfd7af
http://nv-tegra.nvidia.com/gitweb/?...b;hb=ac09952babed8e2ac6999127b7f95d7a2bbfd7af
http://nv-tegra.nvidia.com/gitweb/?...1;hb=ac09952babed8e2ac6999127b7f95d7a2bbfd7af
I don't know if this will be useful in getting some information about finding the SBK for the A100. Maybe the gurus can comment on this.
Thought of sharing this with the community. I am sorry if I posted in the wrong place.
Thanks
JayArr
Checking device manager for cpuid doesn't help (check relevant part "alternative methods" in http://forum.xda-developers.com/showthread.php?t=1121543)?
Information to reflection
Look here.
ZeroNull, did you try to enter APX mode with an unlocked bootloader after your replacement of the motherboard?
I'm asking because of ptesmoke's assumption that an unlocked bootloader modifies the serial # in some way and that's why you can't enter APX. The number is the same in /sys/firmware/fuse/ and in dmesg as the original one, but it is different in adb devices. It refuses to enter APX mode with an SBK generated from any of them, no matter which.
SBK is an AES key that is burnt into unreadable fuse area.
It's being used to decrypt APX commands and the bootloader.
Even if you would be able to read it somehow out of hardware (which the designers of Tegra2 chip made sure you cannot) it's of not much use, as this is only the decryption key, and the designers of AES made sure it's very hard to generate second (encryption) matching key having only one of the pair.
The only feasible way of getting the encryption key is Acer "leaking" the key itself or the method of generating it from CPUID, to the community.
zleto said:
ZeroNull, did you try to enter APX mode with an unlocked bootloader after your replacement of the motherboard?
Yes. Everything works.
I also tried this and this bootloader. There were no problems.
smokku said:
SBK is an AES key that is burnt into unreadable fuse area.
It's being used to decrypt APX commands and the bootloader.
Even if you would be able to read it somehow out of hardware (which the designers of Tegra2 chip made sure you cannot) it's of not much use, as this is only the decryption key, and the designers of AES made sure it's very hard to generate second (encryption) matching key having only one of the pair.
The only feasible way of getting the encryption key is Acer "leaking" the key itself or the method of generating it from CPUID, to the community.
No, it's symmetric. And when you encrypt with asymmetric encryption, the private key is the one that decrypts.
Skrilax_CZ said:
No, it's symmetric. And when you encrypt with asymmetric encryption, the private key is the one that decrypts.
Oh. Thanks.
I was under the impression that AES is asymmetric.
It actually makes sense now how one can generate the SBK from CPUID.
Anyway, it's still impossible to read out the burnt key from Tegra2 chip.
ZeroNull said:
Yes. Everything works.
I also tried this and this bootloader. There were no problems.
Care to elaborate? What bootloader are you running on your A100?
ptesmoke said:
Care to elaborate? What bootloader are you running on your A100?
bump
ZeroNull, please PM me...
Where is the Service Menu stored on the device? Can it be updated? Is there a way to view or have full control of the storage/memory on a device through a program on my PC? I would like to see how the service menu, bootloader, ROM, recovery, etc. are configured.
OK, I think I figured out that the Factory Test APK is the service menu... I just got my first Android and am still trying to break this thing down... I would still like to figure out how the file structure is stored on the device as far as the CWM recovery partition (if there even is one), and I'm assuming the bootloader is separate from the OS. If anyone can help clarify, it would be appreciated.
Here is some information on the partitions you may find useful:
http://forum.xda-developers.com/showthread.php?t=1454862&highlight=partitions
Hi guys, sorry, but my GF changed the boot security code on her G8 and then forgot it, so now she can't reach the home screen anymore (so she can't access any data!). That's her phone, I swear!
Completely stock, untouched Huawei MM FW, no root, BL locked.
I think in bootloader/fastboot mode I can factory reset to get rid of the boot security, but this way I'm afraid I'll delete all her data from the internal sdcard? That would be a disaster, as she has plenty of pictures of our baby taken in the last few months! :(
Do you know if I can bypass this security some way?
When I connect the phone to the PC I don't see anything, as I can't change the USB connection mode (no drop-down notification panel when the screen is locked! ;( )
Any suggestions?
Do you think in fastboot/bootloader mode I can maybe copy the sdcard content via fastboot/adb?
Guys, please help, I desperately need some advice...
TIA!
Hi to all. I was modifying the build.prop on my ZTE V829, but I didn't like the changes, so I wanted to change back to the original build.prop, but I had lost the original one. I then downloaded what was supposed to be the original, but unfortunately this bricked my phone. Now when I turn it on, the screen is upside down and it freezes at the brand logo, and when I try to enter recovery with power + volume up, only the Android logo appears with the word "error". I also can't modify the build.prop from the PC because I can't enter debug mode. So my question is: is my phone dead forever, or is there some way to fix it?