Hovatek Forum DEVELOPMENT Android [Tutorial] How to use AVBtool and a private key to sign a Unisoc (SPD) image
Can't login? Please, reset your password.
Hovatek is recruiting! Apply Now


[Tutorial] How to use AVBtool and a private key to sign a Unisoc (SPD) image

[Tutorial] How to use AVBtool and a private key to sign a Unisoc (SPD) image

Pages (5): 1 2 3 4 5 Next
hovatek
hovatek
hovatek
Administrator
49,570
13-03-2020, 05:32 PM
#1



This guide will explain how to sign Unisoc / Spreadtrum (SPD) images (e.g boot, recovery etc) using a private key and AVBtool. This guide is ideal for those with vbmeta-sign.img in their firmware as such devices will only accept images signed with keys that match what's contained in the device's vbmeta partition.

Requirements


Steps to use AVBtool and a private key to sign a Unisoc (SPD) image


Follow the steps below to sign boot.img, recovery.img etc images using avbtool


See the video below or @ https://youtu.be/ggUcN4xcLkI


  1. Right-click in the folder where all your files are (avbtool, key and images) and click Open in Terminal

  2. Run this command

    Code:

    python avbtool info_image --image recovery_stock.img

    You sometimes need to use 'python2 or 'python3' instead of 'python' depending on your setup.

  3. You should get an output like:

    Code:

    Footer version:           1.0
    Image size:               41943040 bytes
    Original image size:      23742464 bytes
    VBMeta offset:            23744512
    VBMeta size:              2112 bytes
    --
    Minimum libavb version:   1.0
    Header Block:             256 bytes
    Authentication Block:     576 bytes
    Auxiliary Block:          1280 bytes
    Algorithm:                SHA256_RSA4096
    Rollback Index:           0
    Flags:                    0
    Release String:           'avbtool 1.1.0'
    Descriptors:
        Hash descriptor:
          Image Size:            23742464 bytes
          Hash Algorithm:        sha256
          Partition Name:        recovery
          Salt:                  6d13e635e505f337460c4e0f9d22be4a96518ceee422511cca6c6113cd96fa25
          Digest:                75ab9441053eb877eb2c95f1dd3474beeead5437a9a16c3d09efe931c4d16693
          Flags:                 0

  4. From the output, take note of the Image size, Algorithm and Partition Name. You'll need them in the next command. Next, run:

    Code:

    python avbtool add_hash_footer --image recovery_magisk.img --partition_name recovery --partition_size 41943040 --key hovatek.pem --algorithm SHA256_RSA4096

    The variables in this command are:
    --image - the file name of the image you wish to sign
    --partition_name the partition this image belongs to
    --partition_size - Obtained from Image size in the output above
    --key - The primary key used to generate your public keys
    --algorithm - Obtained from Algorithm in the output above

  5. Now, you'll have a magisk patched recovery image which is identical in size to stock and has been signed with your private key.

Important Notice
  • If you encounter an error such as avbtool: Image size of 36700160 exceeds maximum image size of 36630528 in order to fit in a partition size of 36700160, simply unpack and repack your magisk patched boot image using Android Image Kitchen. This will reduce the size.
  • Recall I'd used hovatek.pem private key to create hovatek.bin public key which I'd then used to sign recovery partition when creating my custom signed vbmeta. The custom signed vbmeta first needs to have been flashed to the device else it won't accept this newly signed recovery image
  • You can repeat the same procedure for other partitions. Just replace recovery in the command with the partition name e.g. boot. You also need to have signed that partition using your custom public key back when creating your custom signed vbmeta
  • Credits goes to Petercxy
This post was last modified: 12-11-2023, 01:18 PM by hovatek.

Note!
We have a reply schedule for Free Support. Please upgrade to Private Support if you can't wait.
Abatoir
Abatoir
Abatoir
Junior Member
27
17-06-2020, 11:34 AM
#2
(13-03-2020, 05:32 PM)hovatek ...

How can I rectify this issue? https://imgur.com/fs7KHaX
This post was last modified: 20-06-2020, 09:11 AM by hovatek.
X3non
X3non
X3non
Recognized Contributor
22,062
18-06-2020, 02:57 PM
#3
(17-06-2020, 11:34 AM)Abatoir How can I rectify this issue? https://imgur.com/fs7KHaX

if using windows OS, install both python and openssl and ensure that both are added into PATH
if using linux OS, you might want to try installing python 2.x , openssl should be installed by default but you can check to confirm if not the install openssl as well

if you still have problems then create a new thread for your device issue by clicking "ask question" at the top
This post was last modified: 20-06-2020, 09:14 AM by hovatek.
Abatoir
Abatoir
Abatoir
Junior Member
27
19-06-2020, 04:21 AM
#4
(18-06-2020, 02:57 PM)X3non
(17-06-2020, 11:34 AM)Abatoir How can I rectify this issue? [Image: fs7KHaX]

if using windows OS, install both python and openssl and ensure that both are added into PATH
if using linux OS, you might want to try installing python 2.x , openssl should be installed by default but you can check to confirm if not the install openssl as well

if you still have problems then create a new thread for your device issue by clicking "ask question" at the top
thnk you, i shall post results asap.
ch3mn3y
ch3mn3y
ch3mn3y
Enthusiastic Member
6
17-09-2020, 10:42 PM
#5



I'm trying to sign magisk patched boot.img using rsa4096_vbmeta.pem which I have as my publickey.bin file.
Unfortunately avbtool seems to not treat patched boot as boot...

I got error like this:
Code:

>python avbtool.py add_hash_footer --image boot.img --partition_name boot --partition_size 36700160 --key publickey.bin --algorithm SHA256_RSA4096
usage: avbtool.py add_hash_footer [-h] [--image IMAGE]
                                  [--partition_size PARTITION_SIZE]
                                  [--partition_name PARTITION_NAME]
                                  [--hash_algorithm HASH_ALGORITHM]
                                  [--salt SALT] [--calc_max_image_size]
                                  [--output_vbmeta_image OUTPUT_VBMETA_IMAGE]
                                  [--do_not_append_vbmeta_image]
                                  [--algorithm ALGORITHM] [--key KEY]
                                  [--signing_helper APP]
                                  [--signing_helper_with_files APP]
                                  [--public_key_metadata KEY_METADATA]
                                  [--rollback_index ROLLBACK_INDEX]
                                  [--append_to_release_string STR]
                                  [--prop KEY:VALUE]
                                  [--prop_from_file KEY:PATH]
                                  [--kernel_cmdline CMDLINE]
                                  [--setup_rootfs_from_kernel IMAGE]
                                  [--include_descriptors_from_image IMAGE]
                                  [--print_required_libavb_version]
                                  [--chain_partition PART_NAME:ROLLBACK_SLOT:KEY_PATH]
                                  [--flags FLAGS]
                                  [--set_hashtree_disabled_flag]
                                  [--use_persistent_digest] [--do_not_use_ab]
avbtool.py add_hash_footer: error: argument --image: invalid FileType('rab+') value: 'boot.img'

Tried different file names (thought that may be the problem, like standard "magisk_patched" or "boot_magisk".

EDIT: Same problem with stock boot...
This post was last modified: 18-09-2020, 08:31 PM by ch3mn3y.
hovatek
hovatek
hovatek
Administrator
49,570
19-09-2020, 08:32 AM
#6
(17-09-2020, 10:42 PM)ch3mn3y I'm trying to sign magisk patched boot.img using rsa4096_vbmeta.pem which I have as my publickey.bin file.
Unfortunately avbtool seems to not treat patched boot as boot...

I got error like this:
Code:

>python avbtool.py add_hash_footer --image boot.img --partition_name boot --partition_size 36700160 --key publickey.bin --algorithm SHA256_RSA4096
usage: avbtool.py add_hash_footer [-h] [--image IMAGE]
                                  [--partition_size PARTITION_SIZE]
                                  [--partition_name PARTITION_NAME]
                                  [--hash_algorithm HASH_ALGORITHM]
                                  [--salt SALT] [--calc_max_image_size]
                                  [--output_vbmeta_image OUTPUT_VBMETA_IMAGE]
                                  [--do_not_append_vbmeta_image]
                                  [--algorithm ALGORITHM] [--key KEY]
                                  [--signing_helper APP]
                                  [--signing_helper_with_files APP]
                                  [--public_key_metadata KEY_METADATA]
                                  [--rollback_index ROLLBACK_INDEX]
                                  [--append_to_release_string STR]
                                  [--prop KEY:VALUE]
                                  [--prop_from_file KEY:PATH]
                                  [--kernel_cmdline CMDLINE]
                                  [--setup_rootfs_from_kernel IMAGE]
                                  [--include_descriptors_from_image IMAGE]
                                  [--print_required_libavb_version]
                                  [--chain_partition PART_NAME:ROLLBACK_SLOT:KEY_PATH]
                                  [--flags FLAGS]
                                  [--set_hashtree_disabled_flag]
                                  [--use_persistent_digest] [--do_not_use_ab]
avbtool.py add_hash_footer: error: argument --image: invalid FileType('rab+') value: 'boot.img'

Tried different file names (thought that may be the problem, like standard "magisk_patched" or "boot_magisk".

EDIT: Same problem with stock boot...

create a new thread by clicking Ask Question at the top.
In the thread, add a screenshot of the folder containing avbtool and other files
also a screenshot of the command(s) you ran

Note!
We have a reply schedule for Free Support. Please upgrade to Private Support if you can't wait.
danpizzy
danpizzy
danpizzy
Newbie
3
20-09-2020, 11:13 PM
#7
python avbtool info_image --image vbmeta-sign.img
avbtool: Given image does not look like a vbmeta image.

got this error on itel p33 plus
X3non
X3non
X3non
Recognized Contributor
22,062
21-09-2020, 09:06 AM
#8
(20-09-2020, 11:13 PM)danpizzy python avbtool info_image --image vbmeta-sign.img
avbtool: Given image does not look like a vbmeta image.

got this error on itel p33 plus

see the fix for your vbmeta type @ https://www.hovatek.com/forum/thread-326...#pid194924
humni
humni
humni
Newbie
1
11-10-2020, 06:54 AM
#9
(19-09-2020, 08:32 AM)hovatek
(17-09-2020, 10:42 PM)ch3mn3y I'm trying to sign magisk patched boot.img using rsa4096_vbmeta.pem which I have as my publickey.bin file.
Unfortunately avbtool seems to not treat patched boot as boot...

I got error like this:
Code:

>python avbtool.py add_hash_footer --image boot.img --partition_name boot --partition_size 36700160 --key publickey.bin --algorithm SHA256_RSA4096
usage: avbtool.py add_hash_footer [-h] [--image IMAGE]
                                  [--partition_size PARTITION_SIZE]
                                  [--partition_name PARTITION_NAME]
                                  [--hash_algorithm HASH_ALGORITHM]
                                  [--salt SALT] [--calc_max_image_size]
                                  [--output_vbmeta_image OUTPUT_VBMETA_IMAGE]
                                  [--do_not_append_vbmeta_image]
                                  [--algorithm ALGORITHM] [--key KEY]
                                  [--signing_helper APP]
                                  [--signing_helper_with_files APP]
                                  [--public_key_metadata KEY_METADATA]
                                  [--rollback_index ROLLBACK_INDEX]
                                  [--append_to_release_string STR]
                                  [--prop KEY:VALUE]
                                  [--prop_from_file KEY:PATH]
                                  [--kernel_cmdline CMDLINE]
                                  [--setup_rootfs_from_kernel IMAGE]
                                  [--include_descriptors_from_image IMAGE]
                                  [--print_required_libavb_version]
                                  [--chain_partition PART_NAME:ROLLBACK_SLOT:KEY_PATH]
                                  [--flags FLAGS]
                                  [--set_hashtree_disabled_flag]
                                  [--use_persistent_digest] [--do_not_use_ab]
avbtool.py add_hash_footer: error: argument --image: invalid FileType('rab+') value: 'boot.img'

Tried different file names (thought that may be the problem, like standard "magisk_patched" or "boot_magisk".

EDIT: Same problem with stock boot...

create a new thread by clicking Ask Question at the top.
In the thread, add a screenshot of the folder containing avbtool and other files
also a screenshot of the command(s) you ran

I also ran into this issue. This is to do with a bit encoding issue which affects Windows only. The Magisk patch meant that windows could not open the file in binary mode and hence preventing the script from running. I instead ran the command using WSL2 (Ubuntu sub system) and it worked like a charm.
gradkal
gradkal
gradkal
Newbie
3
12-10-2020, 10:59 PM
#10



After trying to sign an img in Ubuntu 20.4 with:

python avbtool add_hash_footer --image magisk_patched.img --partition_name boot --partition_size 36700160 --key keys/gk_custom.bin --algorithm SHA256_RSA4096

I always get an error like this:
avbtool: Image size of 36700160 exceeds maximum image size of 36630528 in order to fit in a partition size of 36700160.

The named partition_size is correct. info_img gives:

python avbtool info_image --image original_boot.img
Footer version: 1.0
Image size: 36700160 bytes
Original image size: 17532928 bytes
VBMeta offset: 17534976
VBMeta size: 2176 bytes

Any hints for this?

Edit: Had the wrong Magisk Manager version. The latest canary version doesn´t patch the image the right way. Tried it again with release 8.0.2 and patching worked well. No error with signing then. Problem solved.
This post was last modified: 14-10-2020, 09:50 AM by gradkal.
Pages (5): 1 2 3 4 5 Next
Users browsing this thread:
 1 Guest(s)
Users browsing this thread:
 1 Guest(s)
YtWhTl
live chat
whatsapp telegram instagram