New way to root for your phone ? - G1 Android Development

I found this in the Roger dump: Signkey of HTC (or Google too?) ???
Just download this file and use SignApk with it.
If it works, you can make an update with root access and just use it with your unrooted device.

Mmh, it's called asymmetric cryptography for a good reason

x509 is the public key used to verify the packages signed with the private key (pk8), so you need pk8

Related

I think I figured out how to get past the bootloader HEHE

I am still testing but... well another user gave us the info to the update file... and it gives us the radio.img, the boot.img, and an editable system folder... I wonder if it will let you update it if you change the files... Wonder if you can sign it yourself.
Well please do let us know!
It is too late to do it tonight (for me anyways). I will be deleting files and seeing if it keeps its signed status tomorrow (you know how HTC likes everything signed a certain way LOL). Will keep you informed. BTW there is another thread with the file.
You get that structure from the following file:
https://android.clients.google.com/updates/signed-kila-ota-115247-prereq.TC4-RC19+RC28.zip
Making the customised image is not an issue, though, but how can we sign it to possibly load it on the device?
We must get a cracked bootloader to flash unsigned objects and files, like we have done so far on Windows-based HTC devices.
Yeah, I think that the signature of those files (found in the MANIFEST.MF) is crucial to get it to flash.
If, however, you can get it to flash with those things changed - that'd be pretty awesome.
The easiest way to test it, I think, would be to leave the files intact but to alter one of the signatures in the MANIFEST.MF file so that you are effectively breaking the signing (which is the same thing changing one of those files would do) - once you have done that - if the device will still flash then you KNOW you are in business.
Just don't want to waste a lot of time building some sweet image only to find out you can't do anything with it.
Just my 2 cents.
The other question is - once you've run an update from the SD card with the RC29 update can you re-run the update?
RyeBrye said:
The easiest way to test it, I think, would be to leave the files intact but to alter one of the signatures in the MANIFEST.MF file so that you are effectively breaking the signing (which is the same thing changing one of those files would do) - once you have done that - if the device will still flash then you KNOW you are in business.
{...}
The other question is - once you've run an update from the SD card with the RC29 update can you re-run the update?
I can test it out for you. Just change any value in the file?
And someone else had stated that you can re-update, but I'll try it again with the file changed.
Okay... so you can run the update again, just confirming.
I removed a ringtone from the /system/media/audio/ringtones but didn't change anything in the MANIFEST.MF file.
"Verification failed
Installation aborted."
Next I'll try to change the value for it in the MANIFEST.MF file and see if it goes through.
Changing the MANIFEST.MF file failed because it checks with CERT.SF
Changing CERT.SF to be the same.
Now I got the following
E:No signature (414 files)
E: Verification failed
Installation aborted.
Time to tinker away... If someone can guide me just a lil, that would be appreciated. I'm still going to waste my time doing whatever "I believe" is progress in the meantime
quedijo said:
Now I got the following
E:No signature (414 files)
E: Verification failed
Installation aborted.
Time to tinker away... If someone can guide me just a lil, that would be appreciated. I'm still going to waste my time doing whatever "I believe" is progress in the meantime
I wish I knew anything about Linux permissions, I would like to help
apatcas said:
I wish I knew anything about Linux permissions, I would like to help
Thoughts count as well
I got to go do a job right quick... should be back in 4hrs or less, I hope
I'll try to help as much as I can
I'll look into how the manifest works, I'll work on it as much as I can
Let's get this baby customized
The cert is referencing a checksum to the manifest. It seems that they are using sha1-digest as stated plainly in the manifest file but I believe it is further encoded by base32 encoding. Does anybody have a base32 encoder handy?
Digests and the Signature File JDK
I believe the second line in CERT.SF is a hash for MANIFEST.MF. You need that hash to match the hash for the actual file MANIFEST.MF. There could be something that also hashes CERT.SF to see if you messed with it, but I don't see that right now.
So, edit CERT.SF so the line:
SHA1-Digest-Manifest: lsGC/wXGYwKahxByTQdTNs2K5oY=
Matches the SHA1-Digest (in base32) of MANIFEST.MF and try again.
Just to clear up some things for those following this thread...
The update image is signed with a private key by either HTC or Google (honestly not sure which, probably Google). When your phone receives the image it decrypts the signature with each of the public keys it has installed; if one matches, it installs.
The keys are made in pairs, the private key (which only the signer has and we will not obtain) signs and the public key (which is installed on the device as trusted) is used to decrypt.
Of course if someone can manage root access to the phone through one of the processes running as root by using a buffer overflow or something of that nature we can simply add OUR OWN public key to the phone's repository, and sign our images with OUR OWN private key. This would allow a new image to be made that once installed could auto-check for updates and pull off the same kind of update process that we see with rc29...
netcmd said:
I believe the second line in CERT.SF is a hash for MANIFEST.MF. You need that hash to match the hash for the actual file MANIFEST.MF. There could be something that also hashes CERT.SF to see if you messed with it, but I don't see that right now.
So, edit CERT.SF so the line:
SHA1-Digest-Manifest: lsGC/wXGYwKahxByTQdTNs2K5oY=
Matches the SHA1-Digest (in base32) of MANIFEST.MF and try again.
It is the hash for MANIFEST.MF
I did that and still gives the following:
E:No signature (414 files)
E:Verification failed
syrusfrost said:
Just to clear up some things for those following this thread...
The update image is signed with a private key by either HTC or Google (honestly not sure which, probably Google). When your phone receives the image it decrypts the signature with each of the public keys it has installed; if one matches, it installs.
The keys are made in pairs, the private key (which only the signer has and we will not obtain) signs and the public key (which is installed on the device as trusted) is used to decrypt.
Of course if someone can manage root access to the phone through one of the processes running as root by using a buffer overflow or something of that nature we can simply add OUR OWN public key to the phone's repository, and sign our images with OUR OWN private key. This would allow a new image to be made that once installed could auto-check for updates and pull off the same kind of update process that we see with rc29...
@syrusfrost: It's true that the zip is signed with a private key from HTC, however we can easily resign the package using our own key. The question is will the G1 accept this?
Has anyone tried resigning the application with the jarsigner? The errors people have been listing, and the files located in META-INF, correspond to the same errors you get after patching a dalvik-executable (dex file) and not resigning the package.
If the system files are NOT verifying it to the specific HTC key we should be able to resign and have it accept our own update file...
I'm currently not at my development machine but I'm thinking we might be able to get somewhere using the permissions.xml file located in /system/etc/ - though this is considered a 'read-only' file in both the emulator and in the G1 hardware so changing it has thus far been unable to happen... Possibly a minor change like the following;
Code:
<!-- Test to see if we can gain cache access by assigning permissions and getting new
update -->
<assign-permission name="android.permission.ACCESS_CACHE_FILESYSTEM" uid="shell" />
Then resigning the whole package would let us get access to the /data/dalvik-cache system? Any takers on my... Seemingly stretching assumption?
strazzere said:
Then resigning the whole package would let us get access to the /data/dalvik-cache system? Any takers on my... Seemingly stretching assumption?
Okay, bear with me. I want instructions on how to get the SHA1-digest of a file.
I found some instructions to use PHP and I can boot a LiveUSB distro of Fedora but I'm still a bit lost
I have installed CyoHash for vista and the SHA1 base64 are exactly the same as the ones in the MANIFEST.CF but different for CERT.CF
So are the hashes for MANIFEST.CF SHA1 base64 and SHA1-Digest base32 for CERT.CF?
quedijo said:
Okay, bear with me. I want instructions on how to get the SHA1-digest of a file.
I found some instructions to use PHP and I can boot a LiveUSB distro of Fedora but I'm still a bit lost
I have installed CyoHash for vista and the SHA1 base64 are exactly the same as the ones in the MANIFEST.CF but different for CERT.CF
So are the hashes for MANIFEST.CF SHA1 base64 and SHA1-Digest base32 for CERT.CF?
I think Manifest.cf is just a regular hash checking file to make sure all files are there. While Cert.cf is the one that makes sure they are signed by the RSA
EDIT: CERT.CF is signed with HMAC-SHA1. The RSA is the public key used to decrypt the hash correctly. I believe this means we can definitely use our own private/public keys to sign the package.
Anyone wanna help me figure out how to sign a HMAC-SHA1?
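
Added example, not code from any poster in this thread: it checks the two digest layers discussed above, CERT.SF's SHA1-Digest-Manifest against MANIFEST.MF and each MANIFEST.MF SHA1-Digest against the file it names, using base64-encoded SHA-1. The archive contents and the helper names (build_sample, rewrite, verify_digest_chain) are constructed for illustration.

```python
import base64
import hashlib
import io
import zipfile

MANIFEST, SIG_FILE = "META-INF/MANIFEST.MF", "META-INF/CERT.SF"
SAMPLE_FILES = {"system/build.prop": b"ro.test=1\n",   # constructed sample content
                "system/media/audio/ringtones/a.ogg": b"constructed-audio"}


def b64sha1(data: bytes) -> str:
    """SHA-1 digest as JAR manifests store it: base64 (28 chars), not base32."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def parse_sections(raw: bytes) -> list:
    """Split a manifest-style file into a list of {attribute: value} sections."""
    sections = []
    for block in raw.decode("utf-8").replace("\r\n", "\n").split("\n\n"):
        attrs, last = {}, None
        for line in block.split("\n"):
            if line.startswith(" ") and last:   # wrapped line continues the value
                attrs[last] += line[1:]
            elif ": " in line:
                last, value = line.split(": ", 1)
                attrs[last] = value
        if attrs:
            sections.append(attrs)
    return sections


def build_sample(files: dict) -> bytes:
    """Build a zip with MANIFEST.MF and CERT.SF only (no CERT.RSA signature block)."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in files.items():
        manifest += f"Name: {name}\r\nSHA1-Digest: {b64sha1(data)}\r\n\r\n"
    sf = f"Signature-Version: 1.0\r\nSHA1-Digest-Manifest: {b64sha1(manifest.encode())}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in {**files, MANIFEST: manifest, SIG_FILE: sf}.items():
            z.writestr(name, data)
    return buf.getvalue()


def rewrite(zip_bytes: bytes, name: str, data=None) -> bytes:
    """Copy the archive, replacing member `name` (or dropping it if data is None)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for member in src.namelist():
            payload = data if member == name else src.read(member)
            if payload is not None:
                dst.writestr(member, payload)
    return out.getvalue()


def verify_digest_chain(zip_bytes: bytes) -> list:
    """Check CERT.SF -> MANIFEST.MF -> files; an empty list means both layers agree."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        manifest_raw = z.read(MANIFEST)
        sf_main = parse_sections(z.read(SIG_FILE))[0]
        if sf_main.get("SHA1-Digest-Manifest") != b64sha1(manifest_raw):
            problems.append("CERT.SF: SHA1-Digest-Manifest does not match MANIFEST.MF")
        listed = {s["Name"]: s.get("SHA1-Digest")
                  for s in parse_sections(manifest_raw) if "Name" in s}
        present = {n for n in z.namelist() if not n.startswith("META-INF/")}
        for name in sorted(present - listed.keys()):
            problems.append(f"{name}: in archive but not listed in MANIFEST.MF")
        for name, digest in sorted(listed.items()):
            if name not in present:
                problems.append(f"{name}: listed in MANIFEST.MF but missing")
            elif digest != b64sha1(z.read(name)):
                problems.append(f"{name}: SHA1-Digest mismatch")
    return problems


if __name__ == "__main__":
    sample = build_sample(SAMPLE_FILES)
    print(verify_digest_chain(rewrite(sample, "system/build.prop", b"ro.test=2\n")))
```

In a standard signed JAR the signature block (META-INF/CERT.RSA) is a signature over CERT.SF made with the signer's private key; it is not modelled here, and it is the layer a verifier relies on beyond the two digest checks.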

[Q] Read-Write access to the deployed native dll

Hi,
For developing an application I wanted to know the exact path where the dlls deployed via XAP file are getting deployed in the phone (Mango). I see that the XAP file can embed dlls etc. and pass them on to the device. But I'm not sure where (folder name/path) they are really going to. Somewhere in the XDA forums, it says the Applications\Install\" + productID + @"\Install" directory is where all the external dlls etc. go. But when I try to access this file path from code (for creating a new file) an error is thrown.
Has anyone got more information on how to overcome this access restriction?
I'm using Mango 7, developer unlocked, HTC Trophy with interop services enabled.
regards. The idea is to host a com dll and register it to the device for further use.
RR

[Q] How to unzip file in wp7???

I am a newbie in Windows Phone 7 development.
I am trying to unzip a file that was downloaded to isolatedstorage in WP7.
I have tried with SharpZipLib but with no success. Does anyone have an example on how to do this in WP7?
Thanks a lot!
Seems like there is no way to unzip a file in isolated storage, but you can browse a zip file via IE... if that zip file is on the internet
坏天使 said:
I have tried with SharpZipLib but with no success. Does anyone have an example on how to do this in WP7?
Use DotNetZip library, it has a SL implementation (works fine on WP7 but requires some minor tweaking).
By the way, if you have problems with SharpZipLib (also works fine on WP7 but also requires some tweaking/reassembling), I'll recommend you to learn more about WP7/Silverlight programming first. Sorry I have no time to teach you how to write programs on WP7...
WP7 actually has a Silverlight API to extract specific files from a ZIP archive directly. This is technically an undocumented use of this API, but it does work:
Uri filename, zipname;
filename = new Uri("<FILE_TO_UNZIP_FROM_ARCHIVE>", UriKind.Relative);
zipname = new Uri(@"\Applications\Data\<APP_GUID_HERE>\Data\IsolatedStore\<ZIP_ARCHIVE_NAME.ZIP>", UriKind.Relative);
Stream filestream = Application.GetResourceStream(Application.GetResourceStream(zipname), filename).Stream;
Then, you can use standard Stream functions to read the file from within the ZIP, including write it to an IsolatedStore file.
The only undocumented part of this is that you actually can pass fully-qualified paths to the Uri constructor and then open them using GetResourceStream... just so long as the Uri is constructed as Relative (even though it's not) and the file is one that the app has permissions to read (which typically means its Install directory, its data directory, and the Windows directory). The use of nested Application.GetResourceStream to read inside a ZIP file is actually documented.

[APP][2.1+] WhatCrypt - WhatsApp Database Crypt Tool

** Version 2.4 Updated October 2016 **
WhatCrypt - WhatsApp Crypt Tool
WhatCrypt is a decryption and encryption tool for backed up WhatsApp databases.
Usage Examples:
Decrypt legacy .crypt and .crypt5-12 files to .db files.
Encrypt .db files to legacy .crypt files.
Original encrypted files will not be moved or deleted. If you get any Decryption Failed messages
then it means that either the encrypted database is corrupt or you have supplied the incorrect
account name or key file. Root access will be required to obtain your crypt key (crypt 6>12) or Android 4.0+.
HOW TO GET YOUR CRYPT KEY NON-ROOT
Download Here: http://whatcrypt.com/com.whatcrypt.apk
Version History
Version 1.0 - Initial release.
Version 1.1 - Added disable minions (sounds) option.
Version 1.2 - Added support for empty or null accounts with crypt5.
Version 1.3 - Added support for crypt6.
Version 1.4 - Added root key copier.
Version 1.5 - Added support for crypt7.
Version 1.6 - Removed minions (sounds).
Version 1.7 - Added decrypt / encrypt progress bar.
Version 1.8 - Added support for crypt8.
Version 1.9 - Fixed crypt8 support on latest WhatsApp version.
Version 2.0 - Added support for crypt9-12.
Version 2.1 - Fixed a bug affecting some decrypts of crypt12.
Version 2.2 - Fixed malformed database issue and added support for Android Marshmallow.
Version 2.3 - Added native root methods and dynamic support for crypt10-12 (variation b).
Version 2.4 - Fixed SU issue, added crypt12 variations E/F and support for Android Nougat.
Copyright / Distribution
This application is the proprietary copyright of whatcrypt.com. In the spirit of education, we have no issues with anyone reverse engineering the apk in private. You are however expressly forbidden from posting any links to decompiled sources or distributing the binary itself or any modified binaries. You may of course share the official download link.
Does it work??
Does this really work?
TripCode said:
WhatCrypt - WhatsApp Crypt Tool
WhatCrypt is a decryption and recryption tool for backed up WhatsApp databases.
Usage Examples:
Decrypt .crypt and .crypt5 database files and turn them into SQLite files.
Decrypt or Recrypt .crypt5 database files that have not been linked to any account.
Recrypt .crypt5 database files so they can be used on another device / account.
Recrypt .crypt5 database files to .crypt so they can be used on older WhatsApp versions.
Recrypt .crypt database files to .crypt5 so they can be used on newer WhatsApp versions.
All decrypted and recrypted files will be saved in the same directory as the original encrypted
file. Decrypted files will end in .db. Recrypted files will end in re.crypt or re.crypt5. The
original encrypted files will not be moved or deleted. If you get any Decryption Failed messages
then it means that either the encrypted database is corrupt or you have supplied the incorrect
account name.
Download Here: http://whatsapp.livetrack.mobi/com.whatcrypt.apk
This looks like a crap which won't work and is only designed to collect user database...
Sent from my GT-I9082 using XDA Premium 4 mobile app
It works absolutely fine!
->"WhatCrypt Settings" -> locate the .crypt5 file -> type in your gmail account-> Save settings-> Back to Main Menu->Recrypt Whatsapp Database->Put in your gmail address again-> remove the hook from crypt5-> Recrypt Whatsapp Database-> WAIT a minute.
This will create a normal crypt file, which can be used in whatsapp xtract just like before!
"Google recommends you not to install this app."
Pumpernickel1 said:
It works absolutely fine!
->"WhatCrypt Settings" -> locate the .crypt5 file -> type in your gmail account-> Save settings-> Back to Main Menu->Recrypt Whatsapp Database->Put in your gmail address again-> remove the hook from crypt5-> Recrypt Whatsapp Database-> WAIT a minute.
This will create a normal crypt file, which can be used in whatsapp xtract just like before!
It doesn't now.. the key might have changed or the decipher no longer works.. searching for something that could break the code..
ursnava said:
It doesn't now.. the key might have changed or the decipher no longer works.. searching for something that could break the code..
Decrypt doesn't work for me either but RECRYPT from .crypt5 to .crypt definitely still works fine!
Just tried with newest Whatsapp available and newest Backup file.
Recrypting will create "msgstore.db.re.crypt". Of course this has to be renamed to "msgstore.db.crypt" before you can use "Whatsapp Xtract".
hasta_guy said:
This looks like a crap which won't work and is only designed to collect user database...
Sent from my GT-I9082 using XDA Premium 4 mobile app
Yep.. it seems to be so..
Pumpernickel1 said:
Decrypt doesn't work for me either but RECRYPT from .crypt5 to .crypt definitely still works fine!
Just tried with newest Whatsapp available and newest Backup file.
Recrypting will create "msgstore.db.re.crypt". Of course this has to be renamed to "msgstore.db.crypt" before you can use "Whatsapp Xtract".
It's a crap. There is a better app which recrypts. https://play.google.com/store/apps/details?id=org.fireblade.whatsappconverter
Can anyone recommend any app which can convert my old backup file of db.crypt to the new backup file db.crypt5 so that I can import old data?
It's not working even after entering correct Gmail account
It's not working even after entering correct Gmail account. It's not decrypting the database.
What should be done now?
Whatsapp introduced .crypt6 files in the latest version from their website and I am not able to convert them to .crypt using the tool. Any insight into crypt6?
ombheembush said:
Whatsapp introduced .crypt6 files in the latest version from their website and I am not able to convert them to .crypt using the tool. Any insight into crypt6?
The app has been updated to support crypt6. Root access will be required to obtain your crypt6 key.
crypt6 key
How to get the Crypt6 key from an Android phone?
Please tell me briefly.
Give the full path so I can find the crypt6 key.
TripCode said:
The app has been updated to support crypt6. Root access will be required to obtain your crypt6 key.
Thanks for the application. I was able to obtain a decrypted file of the database; the file extension was .db
I want to use this file with smsbackup+ to back up WhatsApp chats in my Gmail.
smsbackup+ does not recognize the newly created file. Do you know how I can solve this?
smsbackup+ was backing up after I converted the crypt5 file with this app https://play.google.com/store/apps/details?id=org.fireblade.whatsappconverter
resitm said:
Thanks for the application. I was able to obtain a decrypted file of the database; the file extension was .db
I want to use this file with smsbackup+ to back up WhatsApp chats in my Gmail.
smsbackup+ does not recognize the newly created file. Do you know how I can solve this?
smsbackup+ was backing up after I converted the crypt5 file with this app
Crossposting links in multiple threads puts you in danger of becoming a spam whore. I advise you not to do it. If you would like to promote an app then I would advise you to link to it in your signature instead of cluttering up the forums. If the app that you are promoting works for you then I fail to see any constructive purpose of your post. In any case, sms backup+ is open source so why not just use a fork that contains support for crypt 5? However, it must be noted that the switch to crypt6 is imminent and that crypt5 will soon be yesterday's news.
TripCode said:
Crossposting links in multiple threads puts you in danger of becoming a spam whore. I advise you not to do it. If you would like to promote an app then I would advise you to link to it in your signature instead of cluttering up the forums. If the app that you are promoting works for you then I fail to see any constructive purpose of your post. In any case, sms backup+ is open source so why not just use a fork that contains support for crypt 5? However, it must be noted that the switch to crypt6 is imminent and that crypt5 will soon be yesterday's news.
I like the danger of becoming a spam whore, let me worry about me.
The WhatsApp I use has the crypt6 file, I just said that the other app was working with the crypt5. Not promoting or any other b.s
I posted in 2 locations so more people would see it, seeing how this thread is not moving.
resitm said:
I like the danger of becoming a spam whore, let me worry about me.
The WhatsApp I use has the crypt6 file, I just said that the other app was working with the crypt5. Not promoting or any other b.s
I posted in 2 locations so more people would see it, seeing how this thread is not moving.
My apologies if you weren't spamming. Have you verified that you can open the db file in a sqlite browser? Also, I thought sms plus dealt with the old .crypt files so what you may need to do is use the Recrypt option to convert crypt6 to crypt and then rename the recrypted msgstore.db.re.crypt to msgstore.db.crypt so that it can be read by sms plus. Let me know how you get on.
jigneshpatel571985 said:
How to get the Crypt6 key from an Android phone?
Please tell me briefly.
Give the full path so I can find the crypt6 key.
The key file is located in "/data/data/com.whatsapp/files/key" You can obtain it with root or possibly with a usb backup solution such as Helium. It should be noted that the beta builds of WhatsApp use a rolling encryption mechanism which means that the cipher key changes periodically. As far as I can tell WhatsApp doesn't even read the cipher key from the key file, but instead calls a remote hashing algorithm on their server which is based on other parameters stored in this file. It's likely that in the next stable release the cipher key may not even be present on the device. In which case the only way to obtain the current cipher will be to patch the WhatsApp apk. I have already developed a patch tool that is called WhatPatch that can achieve this, though I'll be watching this space with everyone else before I decide if it's worth releasing or not.
TripCode said:
The app has been updated to support crypt6. Root access will be required to obtain your crypt6 key.
Says Crypt 6 key not found even though it says the Key copied successfully in the settings page; in reality the crypt6.key is not copied to the directory.
ombheembush said:
Says Crypt 6 key not found even though it says the Key copied successfully in the settings page; in reality the crypt6.key is not copied to the directory.
Was the app granted root? Failing that if you have root then just copy "/data/data/com.whatsapp/files/key" to "sdcard/WhatsApp/crypt6.key" manually. The copy feature works on several of my own devices, but has not yet been extensively tested. Please also ensure that the path to the key is correct in settings.
EDIT: The app has been updated. Specifically concerning the root key copying mechanism. It is busybox aware and the event handling of any errors is more precise. I.E. If the user has a version of WhatsApp installed that does not yet support crypt6 it will respond with "Cannot copy a non-existent key!".

Give my code root permission

Hi everyone
I created an Android application with a service (mouse cursor).
I was able to move the cursor and click within the application by injecting using “Instrumentation.sendPointerSync(MotionEvent.obtain(SystemClock.uptimeMillis(), SystemClock.uptimeMillis(), MotionEvent.ACTION_DOWN, x, y, 0));”
But when I click outside the application (try to open Google Chrome), the application crashes and gives me this:
“java.lang.SecurityException: Injecting to another application requires INJECT_EVENTS permission”
I already added <uses-permission android:name="android.permission.INJECT_EVENTS"/> but still get the same error.
After googling and searching, I understand that I need to add root permission to my application. To do so I need to sign my application with the private key from my Android device and then install the application using this command: “adb install YourApp-signed.apk”.
And to sign the application I need platform.x509.pem and platform.pk8. Where can I find those files, and how do I create the keystore?! And what is an aligned APK?! I feel LOST.
Thank you in advance
