[Please help] Flashing AVB Unlocked Device (secureboot?)
[Please help] Flashing AVB Unlocked Device (secureboot?)
./at_auth_unlock.py cube_unlock_credentials_v2.zip
Product ID SHA256 hash = 511d37b1ced91711c81558ca0aa69ac54885805395166888c6ce80368a8117c0
Found matching unlock credentials: unlock_credentials_v2.zip
Device successfully AVB unlocked
Successfully cleared the factory partition persistent digest.
(bootloader) at-attest-uuid: 78A2A067D9B44096A08A834BB45A56C2
(bootloader) at-attest-dh: 1:P256,2:curve25519
(bootloader) slot-unbootable:b: yes
(bootloader) slot-unbootable:a: no
(bootloader) slot-retry-count:b: 0
(bootloader) slot-retry-count:a: 0
(bootloader) slot-successful:b: no
(bootloader) slot-successful:a: yes
(bootloader) slot-count: 2
(bootloader) current-slot: a
(bootloader) max-download-size: 0x6000000
(bootloader) partition-size:userdata: 0x13fe56e00
(bootloader) partition-type:userdata: ext4
(bootloader) partition-size:oem_b: 0x1f400000
(bootloader) partition-type:oem_b: raw
(bootloader) has-slot:oem: yes
(bootloader) partition-size:oem_a: 0x1f400000
(bootloader) partition-type:oem_a: raw
(bootloader) partition-size:factory_bootloader: 0x1000000
(bootloader) partition-type:factory_bootloader: raw
(bootloader) partition-size:factory: 0x2000000
(bootloader) partition-type:factory: raw
(bootloader) partition-size:oem_bootloader_b: 0x400000
(bootloader) partition-type:oem_bootloader_b: raw
(bootloader) has-slot:oem_bootloader: yes
(bootloader) partition-size:oem_bootloader_a: 0x400000
(bootloader) partition-type:oem_bootloader_a: raw
(bootloader) partition-size:vendor_b: 0x4000000
(bootloader) partition-type:vendor_b: ext4
(bootloader) has-slot:vendor: yes
(bootloader) partition-size:vendor_a: 0x4000000
(bootloader) partition-type:vendor_a: ext4
(bootloader) partition-size:vbmeta_b: 0x10000
(bootloader) partition-type:vbmeta_b: raw
(bootloader) has-slot:vbmeta: yes
(bootloader) partition-size:vbmeta_a: 0x10000
(bootloader) partition-type:vbmeta_a: raw
(bootloader) partition-size:system_b: 0x20000000
(bootloader) partition-type:system_b: ext4
(bootloader) has-slot:system: yes
(bootloader) partition-size:system_a: 0x20000000
(bootloader) partition-type:system_a: ext4
(bootloader) partition-size:boot_b: 0x2000000
(bootloader) partition-type:boot_b: raw
(bootloader) has-slot:boot: yes
(bootloader) partition-size:boot_a: 0x2000000
(bootloader) partition-type:boot_a: raw
(bootloader) partition-size:tee_b: 0x500000
(bootloader) partition-type:tee_b: raw
(bootloader) has-slot:tee: yes
(bootloader) partition-size:tee_a: 0x500000
(bootloader) partition-type:tee_a: raw
(bootloader) partition-size:lk_b: 0x60000
(bootloader) partition-type:lk_b: raw
(bootloader) has-slot:lk: yes
(bootloader) partition-size:lk_a: 0x60000
(bootloader) partition-type:lk_a: raw
(bootloader) partition-size:logo: 0x800000
(bootloader) partition-type:logo: raw
(bootloader) partition-size:metadata: 0x2000000
(bootloader) partition-type:metadata: raw
(bootloader) partition-size:frp: 0x100000
(bootloader) partition-type:frp: raw
(bootloader) partition-size:para: 0x80000
(bootloader) partition-type:para: raw
(bootloader) partition-size:seccfg: 0x40000
(bootloader) partition-type:seccfg: raw
(bootloader) partition-size:dkb: 0x200000
(bootloader) partition-type:dkb: raw
(bootloader) partition-size:kb: 0x200000
(bootloader) partition-type:kb: raw
(bootloader) partition-size:misc: 0x100000
(bootloader) partition-type:misc: raw
(bootloader) partition-size:nvram: 0x500000
(bootloader) partition-type:nvram: raw
(bootloader) partition-size:proinfo: 0x300000
(bootloader) partition-type:proinfo: raw
(bootloader) partition-size:preloader: 0x40000
(bootloader) partition-type:preloader: raw
(bootloader) serialno: xx
(bootloader) warranty: no
(bootloader) unlocked: yes
(bootloader) secure: no
(bootloader) kernel: lk
(bootloader) variant: mt8167s_som
(bootloader) product: mt8167s
(bootloader) logical-block-size: 0x200
(bootloader) erase-block-size: 0x80000
(bootloader) version-baseband: N/A
(bootloader) version-bootloader: POLK0.5
(bootloader) version-preloader: 00
(bootloader) version: 0.5
./avbtool110 make_vbmeta_image --flags 2 --padding_size 4096 --output vbmeta_disabled.img
$ fastboot --set-active=b
Setting current slot to 'b' OKAY [ 0.012s]
Finished. Total time: 0.014s
$ fastboot flash vbmeta ../vbmeta_disabled.img --disable-verity --disable-verification
Sending 'vbmeta_b' (4 KB) OKAY [ 0.012s]
Writing 'vbmeta_b' OKAY [ 0.008s]
Finished. Total time: 0.031s
(05-07-2021, 11:37 PM)Whiterat ...
But I still cannot flash/boot a modified boot image without the partition being marked as unbootable.
Is to do with MTK secureboot?
Any ideas on next steps?
Thanks.
(06-07-2021, 10:59 AM)Whiterat I split and rebuilt boot.img (without rebuilding the ramdisk or making any modifications) and apart from the lack of AVB footer it's identical byte for byte to the original image(minus AVB footer).
And still fails to boot that slot :/
(07-07-2021, 11:10 AM)Whiterat with avb unlocked, custom vbmeta and stock boot but with vbmeta signature stripped from stock boot image it will not boot
./mkbootimg \
--kernel boot.img-zImage \
--ramdisk boot.img-ramdisk.gz \
--cmdline "bootopt=64S3,32N2,64N2 buildvariant=user" \
--board ''\
--base 0x40078000 \
--pagesize 2048 \
--kernel_offset 0x00008000 \
--ramdisk_offset 0x14f88000 \
--second_offset 0x00e88000 \
--tags_offset 0x0df88000 \
--os_version 8.1.0 \
--os_patch_level 2019-02 \
-o test.img
33554432 Jun 25 01:43 boot.img
12832768 Jul 10 22:26 test.img
$ dd if=boot.img bs=12832768 count=1 | sha256sum
1+0 records in
1+0 records out
12832768 bytes (13 MB, 12 MiB) copied, 0.0890766 s, 144 MB/s
2d8728be2c3120b72be296231f2cc81f8a05da69f0b0d754ba4d8d10f5a467f3 -
$ sha256sum test.img
2d8728be2c3120b72be296231f2cc81f8a05da69f0b0d754ba4d8d10f5a467f3 test.img
$ hexdump -C -s 12832768 boot.img
00c3d000 41 56 42 30 00 00 00 01 00 00 00 00 00 00 00 00 |AVB0............|
00c3d010 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 |................|
00c3d020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00c3d040 00 00 00 00 00 00 00 c8 00 00 00 00 00 00 00 00 |................|
*
00c3d060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 |................|
00c3d070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00c3d080 61 76 62 74 6f 6f 6c 20 31 2e 31 2e 30 00 00 00 |avbtool 1.1.0...|
00c3d090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00c3d100 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 b8 |................|
00c3d110 00 00 00 00 00 c3 d0 00 73 68 61 32 35 36 00 00 |........sha256..|
00c3d120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00c3d130 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 20 |............... |
00c3d140 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 |... ............|
00c3d150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00c3d180 00 00 00 00 62 6f 6f 74 95 a7 e0 6b 2e fa 4c e1 |....boot...k..L.|
00c3d190 21 8f 2d 24 f9 cf 78 ff f7 c0 81 96 3d 2f 6e 83 |!.-$..x.....=/n.|
00c3d1a0 b5 e7 8c ee 56 3b 3e 19 38 da ca b0 93 3f 4a bb |....V;>.8....?J.|
00c3d1b0 90 4e 32 5f 28 e7 41 ce f6 5f 56 4e e9 82 ef fa |.N2_(.A.._VN....|
00c3d1c0 f7 ce 87 6c 8e 8c 03 67 00 00 00 00 00 00 00 00 |...l...g........|
00c3d1d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
01ffffc0 41 56 42 66 00 00 00 01 00 00 00 00 00 00 00 00 |AVBf............|
01ffffd0 00 c3 d0 00 00 00 00 00 00 c3 d0 00 00 00 00 00 |................|
01ffffe0 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
01fffff0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
02000000
(12-07-2021, 12:04 PM)X3non(11-07-2021, 01:56 AM)Whiterat ...Not sure how much I can achieve with "Android Things" as an OS, really does seem cut back.
not sure either, the OS is been dropped by google but curious, were you able to get root using magisk on this OS?