Hisense A5 Pro/Pro CC Bootloader Unlock/Private Key Thread
(06-08-2021, 06:07 PM)ahmouse ...
P.S. I will edit the post below this one with all the information gathered from this thread
(07-08-2021, 09:18 PM)X3non
avbtool info_image on your stock vbmeta should give info about the type of algorithm, i.e. RSA****
in general, it'll most likely be 4096 or 2048
a little research though will tell how difficult it is to decode an rsa4096 key
the modulus of the rsa key is usually within vbmeta
in general, you might be better off getting another device
(08-08-2021, 06:17 AM)ahmouse
Thank you for the reply, this is one of the few forums where I can get detailed, accurate info from people who know exactly what they're doing!
avbtool reports the algorithm as SHA256_RSA4096, does this mean SHA hashing is used somewhere along with encryption?
If the modulus is in vbmeta, I'm assuming the entire public key is there, right? If so, is there a simple way to find it inside an extracted vbmeta.img?
Also, you're probably right, getting a different phone is probably easier, but I love the challenge of unlocking a never-before-unlocked device
(09-08-2021, 04:42 PM)hovatek
It's the private key (not public keys in vbmeta) that's the key to unlocking bootloader with this method. It's down to a leaked engineer BL file or a different exploit. I have a theory but the factory pac file is required
(09-08-2021, 06:53 PM)ahmouse
I see, however I have a (somewhat crazy) plan for the public key, based on https://algorithmsoup.wordpress.com/2019...1-the-hack
With that said, do you know if there is any place to get the public key?
If it was possible to get a PAC file using the CM2, would that work as well? The last person to try the CM2 (timo.helfer) was unable to, but that was back in March, so things may have changed.
I don't wanna leave any stone unturned, I really wanna try to port a custom rom over and hopefully port the eink features as well
(10-08-2021, 07:14 PM)hovatek
CM2 still doesn't work for this model
for public keys, https://www.hovatek.com/forum/thread-32667.html
(13-08-2021, 07:30 AM)ahmouse
EDIT: NEVERMIND! I was able to decode and extract the modulus, and the public exponent is always 65537 in vbmeta public keys, so I was able to generate a proper PEM public key using openssl. I could clean up and release the Python script if you or someone else is curious/wants it
Original post:
Thanks, I was able to extract the public key, however it's encoded in what seems to be an AVB-specific way. Do you know of a way to decode the public keys into a usable format? I've spent hours trying to reverse the encoding, however I've only been able to get the modulus of one key (idk what it's used for, but it's not a partition key). Partition keys are handled differently, unfortunately, so they seem to be much harder to reverse.
(14-08-2021, 10:43 AM)hovatek
That would be nice
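
The decoding step ahmouse describes on 13-08-2021 (AVB key blob to modulus to PEM), as an added example that is not part of the thread and is not ahmouse's script. It assumes the blob has already been cut out of vbmeta and follows the AVB layout of an 8-byte header, the modulus, then two Montgomery constants; `sample_blob` is a constructed 64-bit toy value, not a real key, and all function names are this example's own.

```python
import base64
import struct

E = 65537  # exponent is not stored in the blob; the thread notes it is always 65537
RSA_ALG = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL

def parse_avb_pubkey(blob: bytes) -> int:
    """Return modulus n from an AVB key blob: u32 bits, u32 n0inv, n, rr (big-endian)."""
    if len(blob) < 8:
        raise ValueError("shorter than the 8-byte header")
    bits, n0inv = struct.unpack(">II", blob[:8])
    size = bits // 8
    if bits == 0 or bits % 8 or len(blob) != 8 + 2 * size:
        raise ValueError("length does not match key_num_bits")
    n = int.from_bytes(blob[8:8 + size], "big")
    rr = int.from_bytes(blob[8 + size:], "big")
    if n % 2 == 0 or n.bit_length() != bits:
        raise ValueError("modulus is even or narrower than key_num_bits")
    # n0inv and rr are Montgomery constants derived from n alone; recomputing
    # them confirms the slice really is the modulus and nothing was altered.
    if (n * n0inv + 1) % 2**32:
        raise ValueError("n0inv is not -1/n mod 2^32")
    if rr != pow(2, 2 * bits, n):
        raise ValueError("rr is not 2^(2*bits) mod n")
    return n

def _der(tag: int, body: bytes) -> bytes:
    ln = len(body)
    if ln < 128:
        return bytes([tag, ln]) + body
    raw = ln.to_bytes((ln.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def _der_int(v: int) -> bytes:
    return _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def to_pem(n: int, e: int = E) -> str:
    """Wrap (n, e) as a SubjectPublicKeyInfo PEM, the form openssl reads."""
    rsa_key = _der(0x30, _der_int(n) + _der_int(e))
    spki = _der(0x30, RSA_ALG + _der(0x03, b"\x00" + rsa_key))
    b64 = base64.b64encode(spki).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *lines, "-----END PUBLIC KEY-----"]) + "\n"

def sample_blob() -> bytes:
    """Constructed 64-bit toy blob (not a real key) in the same layout."""
    n, bits = 0xC0FFEE0123456789, 64
    n0inv = -pow(n, -1, 2**32) % 2**32
    return struct.pack(">II", bits, n0inv) + n.to_bytes(8, "big") + pow(2, 2 * bits, n).to_bytes(8, "big")
```

`to_pem(parse_avb_pubkey(blob))` yields text that `openssl rsa -pubin -text -noout` can display; a `ValueError` from the parser usually means the slice taken from vbmeta is off by some bytes.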