Help me root Sharp sh07d, 01.00.03 software - Other Tools & General Discussion

So, what I have got: universal tools for sharp devides, rooting tool with source code for my device with another software version and it's needed to change some values(adresses) in executable binary files and get other ones.
1)I've fot these data from universal rooting tools. It's needed to put it to db file (i know how) and add to binary file - i don't know how dissasemle it for i might see source code and change it
Found: mmc_protect_part = 0xc072dd2c
Detected kernel physical address at 0x00208000 from iomem
You need to manage to get remap_pfn_range address.
Essential address are:
prepare_kernel_cred = 0xc01c5fb4
commit_creds = 0xc01c6278
remap_pfn_range = 0xc020879c
vmalloc_exec = 0xc02128d8
ptmx_fops = 0xc0edc148
Found: mmc_protect_part = 0xc072dd2c
Click to expand...
Click to collapse
2) problem with writitng defence - it's static code from another sw version
#define security_ops_sh07d_01_00_04 0xc0a42f68
#define n_security_ops_sh07d_01_00_04 140
static lsm_fix_t lsm_fixes_sh07d_01_00_04[] = {
{ 0xc03122c4, 0xc0310598 }, // ptrace_access_check
{ 0xc03122cc, 0xc0310514 }, // ptrace_traceme
{ 0xc03122d4, 0xc0311fcc }, // sb_umount
{ 0xc0312880, 0xc03120ec }, // path_chroot
{ 0xc0312828, 0xc0311fd4 }, // sb_pivotroot
{ 0xc031272c, 0xc03120bc }, // path_symlink
{ 0xc0312564, 0xc0311fc4 }, // sb_mount
Click to expand...
Click to collapse
how to find these adresses on my device and where? from kernel? does it needed to download it on pc and how?
Thankful in advance for answers

Related

Rooting RC30 - need some questions answered about adbd and debuggerd

If someone has a stock RC30 installed, can you tell me what user id runs adbd and debuggerd?
To be able to debug processes and take screenshots, those processes must running be with some sort of privileged permissions and may be exploitable...
debuggerd runs as root, adbd runs as shell (that's on my official RC30 phone)
Hmm, in that case, it may actually be possible to take a screenshot without root by writing an ADB client in Java to connect to the adb daemon. And, shell also has access to the surface flinger, so it may be possible to do autorotation as well.
Anyways, I'll take a look at debuggerd and see if there anything interesting.
I did find some funny code in debuggerd.c a minute ago. Watch your phone's LED and type this into a root shell:
echo 255 > /sys/class/leds/red/brightness
Yup.
http://forum.xda-developers.com/showthread.php?p=2905504&highlight=backlight#post2905504
Holy ****!!! There may be a root hole in installd:
installd runs as root; it is the daemon that allows you to do the following commands related to installing and uninstalling APKs and managing their DEX files.
Code:
{ "ping", 0, do_ping },
{ "install", 3, do_install },
{ "dexopt", 3, do_dexopt },
{ "movedex", 2, do_move_dex },
{ "rmdex", 1, do_rm_dex },
{ "remove", 1, do_remove },
{ "freecache", 1, do_free_cache },
{ "rmcache", 1, do_rm_cache },
{ "protect", 2, do_protect },
{ "getsize", 3, do_get_size },
{ "rmuserdata", 1, do_rm_user_data },
The install daemon reads these commands from a socket and then executes them.
The interesting command is the "install" command, which maps to the following function:
Code:
static int do_install(char **arg, char reply[REPLY_MAX])
{
return install(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, gid */
}
int install(const char *pkgname, uid_t uid, gid_t gid)
{
char pkgdir[PKG_PATH_MAX];
char libdir[PKG_PATH_MAX];
if ((uid < AID_SYSTEM) || (gid < AID_SYSTEM)) {
LOGE("invalid uid/gid: %d %d\n", uid, gid);
return -1;
}
if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX))
return -1;
if (create_pkg_path(libdir, PKG_LIB_PREFIX, pkgname, PKG_LIB_POSTFIX))
return -1;
if (mkdir(pkgdir, 0755) < 0) {
LOGE("cannot create dir '%s': %s\n", pkgdir, strerror(errno));
return -errno;
}
if (chown(pkgdir, uid, gid) < 0) {
LOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
unlink(pkgdir);
return -errno;
}
if (mkdir(libdir, 0755) < 0) {
LOGE("cannot create dir '%s': %s\n", libdir, strerror(errno));
unlink(pkgdir);
return -errno;
}
if (chown(libdir, AID_SYSTEM, AID_SYSTEM) < 0) {
LOGE("cannot chown dir '%s': %s\n", libdir, strerror(errno));
unlink(libdir);
unlink(pkgdir);
return -errno;
}
return 0;
}
The 2nd and 3rd arguments let you specify an ARBITRARY uid that owns that package. I think we can either rebuild adb to always pass in uid 0 and gid 0 (this may not be possible; adb may not have anything to do with the uid/gid selected). Or maybe connect to the socket from an application on the phone, and then marshall the command manually. That would get an APK onto the phone running as root.
Gonna give this a shot right now.
Look at the beginning of the function.
Code:
if ((uid < AID_SYSTEM) || (gid < AID_SYSTEM)) {
LOGE("invalid uid/gid: %d %d\n", uid, gid);
return -1;
That will disallow installing something with root access. AID_SYSTEM is 1000, the root uid is 0 of course.
But if we could get an app installed as the system user.. that may open up some more possibilities.
Also, I believe the socket that installd listens on is protected. If I remember correctly, it is restricted to the system user.
JesusFreke said:
Look at the beginning of the function.
Code:
if ((uid < AID_SYSTEM) || (gid < AID_SYSTEM)) {
LOGE("invalid uid/gid: %d %d\n", uid, gid);
return -1;
That will disallow installing something with root access. AID_SYSTEM is 1000, the root uid is 0 of course.
But if we could get an app installed as the system user.. that may open up some more possibilities.
Also, I believe the socket that installd listens on is protected. If I remember correctly, it is restricted to the system user.
Click to expand...
Click to collapse
Ahh goddamnit.

Compiling custom modules... failed to insmod

Hi,
I am trying to make custom mtd module, to expand the mtd devices to read whole nand and i am using as an example msm_nand.c
So what i have done is added a few devices to mtd partition and compiled. But at the compilation ld says msm_dmov_exec_cmd in not found.. Does not sound good, because original msm_nand.c compiled good as well as the whole kernel.
Could someone help me?
Here is the code i added, i left last lines from the original and my addition due to the code length restriction here:
Code:
/* drivers/mtd/devices/msm_nand.c
.....
msm_nand_release_ex(&info->mtd);
dma_free_coherent(/*dev*/ NULL, SZ_4K,
info->msm_nand.dma_buffer,
info->msm_nand.dma_addr);
kfree(info);
}
return 0;
}
#define DRIVER_NAME "msm_nand_ex"
static struct platform_driver msm_nand_driver = {
.probe = msm_nand_probe,
.remove = __devexit_p(msm_nand_remove_ex),
.driver = {
.name = DRIVER_NAME,
}
};
MODULE_ALIAS(DRIVER_NAME);
#if defined(CONFIG_ARCH_MSM7X30)
#define MSM_NAND_PHYS 0xA0200000
#else
#define MSM_NAND_PHYS 0xA0A00000
#endif
static struct resource resources_nand[] = {
[0] = {
.name = "msm_nand_dmac",
.start = DMOV_NAND_CHAN,
.end = DMOV_NAND_CHAN,
.flags = IORESOURCE_DMA,
},
[1] = {
.name = "msm_nand_phys",
.start = MSM_NAND_PHYS,
.end = MSM_NAND_PHYS + 0x7FF,
.flags = IORESOURCE_MEM,
},
};
static struct mtd_partition nand_ex_partitions[] = {
{
.name = "bootloader",
.size = 0x00000016,
.offset = 0,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "amss",
.size = 0x000000bf,
.offset = 0x00000016,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "amss_fs",
.size = 0x00000058,
.offset = 0x000000d5,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "fota0",
.size = 0x00000022,
.offset = 0x0000012d,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "fota1",
.size = 0x00000022,
.offset = 0x0000014f,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "recovery",
.size = 0x00000062,
.offset = 0x00000171,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "dsp1",
.size = 0x000000a2,
.offset = 0x000001d3,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "boot",
.size = 0x00000062,
.offset = 0x00000275,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}
};
struct flash_platform_data msm_nand_ex_data = {
.parts = nand_ex_partitions,
.nr_parts = ARRAY_SIZE(nand_ex_partitions),
};
static struct platform_device *msm_device_nand_ex;
static int __init msm_nand_init(void)
{
int ret;
msm_device_nand_ex = platform_device_alloc("msm_nand_ex", -1);
if (!msm_device_nand_ex)
return -ENOMEM;
ret = platform_device_add_data(msm_device_nand_ex, &msm_nand_ex_data,
sizeof(msm_nand_ex_data));
ret = platform_device_add_resources(msm_device_nand_ex, resources_nand,
ARRAY_SIZE(resources_nand));
printk("%s : res=%d\n", __FUNCTION__, ARRAY_SIZE(resources_nand));
if (ret == 0)
ret = platform_device_add(msm_device_nand_ex);
if (ret){
platform_device_put(msm_device_nand_ex);
return ret;
}
return platform_driver_register(&msm_nand_driver);
}
static void __exit msm_nand_exit(void)
{
platform_driver_unregister(&msm_nand_driver);
platform_device_unregister(msm_device_nand_ex);
}
module_init(msm_nand_init);
module_exit(msm_nand_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("msm_nand flash driver code");
And also i get in dmesg weird message that my kernel version string is wrong, though i used same kernel except the last modification string. And i can't find any other kernel..
Thanks guys!
you should edit the Makefile and set
EXTRAVERSION = <your kernel version>.
Yes i managed to bypass it but the insmod then says msm_dmov_exec_cmd is not found..
Weird..
anonymous2183 said:
you should edit the Makefile and set
EXTRAVERSION = <your kernel version>.
Click to expand...
Click to collapse

[?]How to read binary file in xna?

I need read 10 byte in fileName and save it into bitLevel
My code:
PHP:
test = 0;
byte[] bitLevel = new byte[10];
string fileName = "levels\\";
switch(iChap){
case 1: fileName += "beginner.dat";
break;
case 2: fileName += "normal.dat";
break;
case 3: fileName += "intermediate.dat";
break;
case 4: fileName += "expert.dat";
break;
}
using(FileStream fileStream = new FileStream(fileName, FileMode.Open, FileAccess.Read))
{
fileStream.Seek((iLevel - 1) * 10, SeekOrigin.Begin);
fileStream.Read(bitLevel, 0,10);
test = 1;
}
but bitLevel is empty
It seem it's not into codes under using, because I set test = 1; but it = 0;
can anybody help me?
//sorry my bad english
Use IsolatedStorageFile & IsolatedStorageFileStream instead of FileStream.
sensboston said:
Use IsolatedStorageFile & IsolatedStorageFileStream instead of FileStream.
Click to expand...
Click to collapse
is that ok?
can you show me demo code?
Code:
using (IsolatedStorageFile isf = IsolatedStorageFile.GetUserStoreForApplication())
try
{
using (IsolatedStorageFileStream inStream = new IsolatedStorageFileStream(fileName, FileMode.Open, isf))
{
byte[] buffer = new byte[10];
int numRead = inStream.Read(buffer, 0, 10);
Debug.Assert (numRead == 10);
}
}
catch (Exception e)
{
Debug.WriteLine(e.Message + "\n" + e.StackTrace);
}
But this code for ISF only; I don't really know where are your files located (as resources or may be content). You should understand what are you trying to read first
If you added these files as a content to your project, you should read 'em from the TitleContainer
Code:
using (var inStream = TitleContainer.OpenStream(fileName))
using (StreamReader streamReader = new StreamReader(inStream))
... and so on...

[REF] The All In One Guide for SGSA

There isn't really a wholesome guide for this device, which includes everything form flashing to compiling. So i am writing this guide.
Currently its being populated. This will contain everything - flashing, modding, compiling etc.
How to root SGSA : Look here
How to flash firmwares from sammobile using Odin : Look here
Rooting JB :
Download here : Root
How to :
1. Download the zip and place it in the root of your sd card.
PS : SD Card is a must.
2. Reboot to the stock recovery.
3. Select install update from external storage.
4. Select the root.zip file.
5. Viola
Enjoy your rooted JB.
Original post here.
Rooting GB :
Please note that this method will increase the binary counter. A more complex method to root GB is available here which doesn't increase the binary counter.
This kernel will provide you the standard stock kernel and also includes TWRP recovery.
( disclaimer )
I AM NOT TO BE HELD RESPONSIBLE IF YOU DAMAGE YOUR PHONE
Using Odin to flash this kernel WILL increase your binary counter.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
( features )
- Team Win Recovery Project 2.2.1
- CIFS Support
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
( how to install using Odin )
1. Restart into download mode by pressing Power + Home + Vol Down
2. Start Odin, and flash the attached kernel as PDA.
Remember to extract the attached file only once. if you end up with a kernel.bin.md5 you extracted twice!
Do not use the PIT, do not have any options checked except for "Auto reboot" and "F. Reset Time"
3. Wait for the device to reboot
( how to install using DD )
This method does not increase your binary counter, but your phone needs to be rooted so you can perform this!
IF YOU'RE NOT FAMILIAR WITH DD I RECOMMEND YOU TO AVOID THIS METHOD
1. Extract the attached file twice. You will end up with a kernel.bin.md5 file
2. Put the kernel.bin.md5 file to /sdcard
3. Start adb shell
4. Do the following commands:
Code:
$ su
# dd if=/sdcard/kernel.bin.md5 of=/dev/block/mmcblk0p15
# reboot
5. Wait for the device to reboot.
Click to expand...
Click to collapse
Download the pre-rooted kernel here.
Flashing with Odin :
Odin is the saviour tool for all Samsung devices. The method for flashing by Odin differs from device to device.
This thread will give step by step instructions on how to flash a stock rom from Odin on the GT-I9070/p :
A. Download Odin tools from here : Odin Tools
Pass : shaaan
B. Download the stock rom from : SamFirmware
Setting up Odin :
1. Make sure you have installed the necessary drivers for this device. The drivers can be installed from within KIES or seperately here.
2. Run Odin as administrator.
3. Setting up the files is divided in two types depending on the firmware type :
a. If the firmware is a multi package file, put the files in the corresponding sections.
ie. CSC file in CSC section, PDA file in PDA section.
b. If the firmware is a single package, add the single file in the PDA section.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
4. Now that Odin is setup, put the phone in download mode. To do that, power off the phone and press 'home+power+volume down' buttons together. Keep the buttons pressed till Download mode appears.
5. Now that Odin and the phone are setup, connect the phone to the device. Odin will detect the device and show something like 'com port (1)'
6. Flash the device.
7. The flash will take 5 minutes for a full flash on average.
8. When the flashing is complete, DO NOT remove the device until Odin shows ' PASS '.
9. The device will reboot. Remove the device, go to recovery mode and do a factory/data reset.
That's it. Happy flashing peeps..!!
ROM Modding
Now that we are done with basic things like rooting and flashing, let's move on to some complex stuff..
Tools needed -
1. Apktool
2. XUltimate for deodexing
3. Notepad ++
4. Baksmali manager ( attached )
5. DSIXDA's Android kitchen - only if you really want to use it. but i recommend doing everything manually.
Click to expand...
Click to collapse
Step I :
Setup Android SDK. Instructions here.
Once the SDK is setup, run the command "android" in command prompt. It should look something like this.
Make sure that your PC recognizes the device. Run the command "adb devices". It should show something like this.
Step II :
Once these basic things are setup, install apktool :
1. Download apktool.
2. There will be two files, they will be .bz2 files.
3. Create a new folder called apktool.
4. Put it here: C:\Users\<your username>\apktool.
5. Open these with 7zip. You’ll notice that inside there are .tar files.
6. Double-click the .tar file, and now you’ll see the files.
7. Extract the files from BOTH zips to your new apktool folder at C:\Users\<your username>\apktool.
8. You’ll have 3 files total now in your apktool folder: aapt.exe, apktool.bat, apktool.jar.
Click to expand...
Click to collapse
Now install Notepad++
Restart the computer.
Using apktool :
Generally it is not required to install the framework files, but apps like '/system/app/Settings.apk' need it.
The general commands for apktool are -
apktool d framework-res.apk -- Decompiles framework-res.apk
apktool b framework-res -- Builds the modified files
apktool if path_to_framework-res.apk -- Installs framework-res. Do the same for twframework-res
Click to expand...
Click to collapse
Preface :
OK a lot of people have been asking about building kernels, so here is my best shot at a tutorial. You guys shouldn't expect my little walk through here plus another person’s source to make you a "developer", all it will prove is that you can copy/paste. Also if you follow this guide, I am not responsible for anything that you may do that results in destruction, death, or other negative side-affects. You really shouldn't be messing with this stuff unless you know what you are doing, or doing a LOT of research along the way.
However please use this guide as a springboard for knowledge, to give you some key terms to google, to turn on those lightbulbs in your head and get those gears churning.
Note: This is not a newbie's guide to Linux. Before you post your question please look at it. If it involves the syntax of the command/what a command does you need to do your own research elsewhere before attempting to continue with this guide.
Click to expand...
Click to collapse
I. Setting up the environment :
A. Install Ubuntu 12.04 (Not holding your hand here, if you can't do this you shouldn't be messing with kernels)
B. Installing required packages: Type this code into the terminal.
Code:
For 32 and 64 bit systems :
sudo apt-get install git-core gnupg flex bison gperf libsdl1.2-dev libesd0-dev libwxgtk2.8-dev squashfs-tools build-essential zip curl
libncurses5-dev zlib1g-dev openjdk-6-jre openjdk-6-jdk pngcrush schedtool
For 64 bit systems only :
g++-multilib lib32z1-dev lib32ncurses5-dev lib32readline-gplv2-dev gcc-4.7-multilib g++-4.5-multilib
Also make sure you have ADB installed. Its a must.
C. Open a terminal
D. Type "mkdir -p android/kernel"
The above steps explained:
A. Installing a linux distro. You could really install any Linux distro however Ubuntu in my eyes is the easy to use and install, and widely supported.
B. Installing needed packages. These are needed for building the kernel. No I can't tell you what every single package does, it is your job to research and figure that out.
C. Ummm...duh?
D. Building a directory structure that will help keep us organized. The "mkdir" command creates a directory. The more you type these commands the more familiar you will become with them.
Click to expand...
Click to collapse
II. Downloading the source :
A. Download the relevant source from the Samsung Opensource Website
B. Once the source is download, extract it into the "android/kernel" directory that we made in the previous step.
C. Grab your desired toolchain. I generally recommend the CodeSourcery toolchain.
Click to expand...
Click to collapse
III. Modifications :
This is the part people are curious about, they want to make modifications to the kernel to make it "special". Start all these from the root directory of your kernel source.
Mod 1. Applying a patch
A. Download the patch you wish to apply, in this case this one should work.
B. Save that file as "kernelPatch" in your kernel directory.
C. Open a Terminal
D. Move into the root directory of the kernel you wish to patch.
E. Type "patch -p1 < ../kernelPatch"
The above steps explained:
A. Pretty simple, I mean we need a patch. The patch itself is quite simply a diff between the original kernel source tree and the source tree containing the changes. I'll post a quick tutorial on how to create a patch in the third post. The patch above contains multiple governors to be added to your kernel.
B. Self-explanatory
C. Self-explanatory
D. Self-explanatory
E. Basically we run the patch command on our source using the patch we downloaded previously. The "patch" portion is the binary itself, the "-p1" option allows you to control the number of forward slashes to remove from file paths(You'll need to look at this option more if you are using weird directory structures or applying the patches from a odd location). The "<" operator directs the content of our "../kernelPatch" file into the command.
Click to expand...
Click to collapse
Mod 2. Adding a Governor
A. Open "drivers/cpufreq/Kconfig"
B. Add the following lines in appropriate spot amongst the other govenor's
Code:
config CPU_FREQ_DEFAULT_GOV_SMARTASS
bool "smartass"
select CPU_FREQ_GOV_SMARTASS
select CPU_FREQ_GOV_PERFORMANCE
help
Use the CPUFreq governor 'smartass' as default.
Code:
config CPU_FREQ_GOV_SMARTASS
tristate "'smartass' cpufreq governor"
depends on CPU_FREQ
help
smartass' - a "smart" optimized governor!
If in doubt, say N.
C. Open "drivers/cpufreq/Makefile"
D. Add the following line in the appropriate spot.
Code:
obj-$(CONFIG_CPU_FREQ_GOV_SMARTASS) += cpufreq_smartass.o
E. Create a file called "drivers/cpufreq/cpufreq_smartass.c"
F. Put the following code in that file.
Code:
/*
* drivers/cpufreq/cpufreq_smartass.c
*
* Copyright (C) 2010 Google, Inc.
*
* This software is licensed under the terms of the GNU General Public
* License version 2, as published by the Free Software Foundation, and
* may be copied, distributed, and modified under those terms.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* Author: Erasmux
*
* Based on the interactive governor By Mike Chan ([email protected])
* which was adaptated to 2.6.29 kernel by Nadlabak ([email protected])
*
* requires to add
* EXPORT_SYMBOL_GPL(nr_running);
* at the end of kernel/sched.c
*
*/
#include <linux/cpu.h>
#include <linux/cpumask.h>
#include <linux/cpufreq.h>
#include <linux/sched.h>
#include <linux/tick.h>
#include <linux/timer.h>
#include <linux/workqueue.h>
#include <linux/moduleparam.h>
#include <asm/cputime.h>
#include <linux/earlysuspend.h>
static void (*pm_idle_old)(void);
static atomic_t active_count = ATOMIC_INIT(0);
struct smartass_info_s {
struct cpufreq_policy *cur_policy;
struct timer_list timer;
u64 time_in_idle;
u64 idle_exit_time;
unsigned int force_ramp_up;
unsigned int enable;
};
static DEFINE_PER_CPU(struct smartass_info_s, smartass_info);
/* Workqueues handle frequency scaling */
static struct workqueue_struct *up_wq;
static struct workqueue_struct *down_wq;
static struct work_struct freq_scale_work;
static u64 freq_change_time;
static u64 freq_change_time_in_idle;
static cpumask_t work_cpumask;
static unsigned int suspended;
/*
* The minimum amount of time to spend at a frequency before we can ramp down,
* default is 45ms.
*/
#define DEFAULT_DOWN_RATE_US 20000
static unsigned long down_rate_us;
/*
* When ramping up frequency with no idle cycles jump to at least this frequency.
* Zero disables. Set a very high value to jump to policy max freqeuncy.
*/
#define DEFAULT_UP_MIN_FREQ 1152000
static unsigned int up_min_freq;
/*
* When sleep_max_freq>0 the frequency when suspended will be capped
* by this frequency. Also will wake up at max frequency of policy
* to minimize wakeup issues.
* Set sleep_max_freq=0 to disable this behavior.
*/
#define DEFAULT_SLEEP_MAX_FREQ 537600
static unsigned int sleep_max_freq;
/*
* Sampling rate, I highly recommend to leave it at 2.
*/
#define DEFAULT_SAMPLE_RATE_JIFFIES 2
static unsigned int sample_rate_jiffies;
/*
* Freqeuncy delta when ramping up.
* zero disables causes to always jump straight to max frequency.
*/
#define DEFAULT_RAMP_UP_STEP 614400
static unsigned int ramp_up_step;
/*
* Max freqeuncy delta when ramping down. zero disables.
*/
#define DEFAULT_MAX_RAMP_DOWN 384000
static unsigned int max_ramp_down;
/*
* CPU freq will be increased if measured load > max_cpu_load;
*/
#define DEFAULT_MAX_CPU_LOAD 75
static unsigned long max_cpu_load;
/*
* CPU freq will be decreased if measured load < min_cpu_load;
*/
#define DEFAULT_MIN_CPU_LOAD 30
static unsigned long min_cpu_load;
static int cpufreq_governor_smartass(struct cpufreq_policy *policy,
unsigned int event);
#ifndef CONFIG_CPU_FREQ_DEFAULT_GOV_SMARTASS
static
#endif
struct cpufreq_governor cpufreq_gov_smartass = {
.name = "smartass",
.governor = cpufreq_governor_smartass,
.max_transition_latency = 6000000,
.owner = THIS_MODULE,
};
static void cpufreq_smartass_timer(unsigned long data)
{
u64 delta_idle;
u64 update_time;
u64 now_idle;
struct smartass_info_s *this_smartass = &per_cpu(smartass_info, data);
struct cpufreq_policy *policy = this_smartass->cur_policy;
now_idle = get_cpu_idle_time_us(data, &update_time);
if (update_time == this_smartass->idle_exit_time)
return;
delta_idle = cputime64_sub(now_idle, this_smartass->time_in_idle);
//printk(KERN_INFO "smartass: t=%llu i=%llu\n",cputime64_sub(update_time,this_smartass->idle_exit_time),delta_idle);
/* Scale up if there were no idle cycles since coming out of idle */
if (delta_idle == 0) {
if (policy->cur == policy->max)
return;
if (nr_running() < 1)
return;
this_smartass->force_ramp_up = 1;
cpumask_set_cpu(data, &work_cpumask);
queue_work(up_wq, &freq_scale_work);
return;
}
/*
* There is a window where if the cpu utlization can go from low to high
* between the timer expiring, delta_idle will be > 0 and the cpu will
* be 100% busy, preventing idle from running, and this timer from
* firing. So setup another timer to fire to check cpu utlization.
* Do not setup the timer if there is no scheduled work.
*/
if (!timer_pending(&this_smartass->timer) && nr_running() > 0) {
this_smartass->time_in_idle = get_cpu_idle_time_us(
data, &this_smartass->idle_exit_time);
mod_timer(&this_smartass->timer, jiffies + sample_rate_jiffies);
}
if (policy->cur == policy->min)
return;
/*
* Do not scale down unless we have been at this frequency for the
* minimum sample time.
*/
if (cputime64_sub(update_time, freq_change_time) < down_rate_us)
return;
cpumask_set_cpu(data, &work_cpumask);
queue_work(down_wq, &freq_scale_work);
}
static void cpufreq_idle(void)
{
struct smartass_info_s *this_smartass = &per_cpu(smartass_info, smp_processor_id());
struct cpufreq_policy *policy = this_smartass->cur_policy;
pm_idle_old();
if (!cpumask_test_cpu(smp_processor_id(), policy->cpus))
return;
/* Timer to fire in 1-2 ticks, jiffie aligned. */
if (timer_pending(&this_smartass->timer) == 0) {
this_smartass->time_in_idle = get_cpu_idle_time_us(
smp_processor_id(), &this_smartass->idle_exit_time);
mod_timer(&this_smartass->timer, jiffies + sample_rate_jiffies);
}
}
/*
* Choose the cpu frequency based off the load. For now choose the minimum
* frequency that will satisfy the load, which is not always the lower power.
*/
static unsigned int cpufreq_smartass_calc_freq(unsigned int cpu, struct cpufreq_policy *policy)
{
unsigned int delta_time;
unsigned int idle_time;
unsigned int cpu_load;
unsigned int new_freq;
u64 current_wall_time;
u64 current_idle_time;
current_idle_time = get_cpu_idle_time_us(cpu, &current_wall_time);
idle_time = (unsigned int)( current_idle_time - freq_change_time_in_idle );
delta_time = (unsigned int)( current_wall_time - freq_change_time );
cpu_load = 100 * (delta_time - idle_time) / delta_time;
//printk(KERN_INFO "Smartass calc_freq: delta_time=%u cpu_load=%u\n",delta_time,cpu_load);
if (cpu_load < min_cpu_load) {
cpu_load += 100 - max_cpu_load; // dummy load.
new_freq = policy->cur * cpu_load / 100;
if (max_ramp_down && new_freq < policy->cur - max_ramp_down)
new_freq = policy->cur - max_ramp_down;
//printk(KERN_INFO "Smartass calc_freq: %u => %u\n",policy->cur,new_freq);
return new_freq;
} if (cpu_load > max_cpu_load) {
if (ramp_up_step)
new_freq = policy->cur + ramp_up_step;
else
new_freq = policy->max;
return new_freq;
}
return policy->cur;
}
/* We use the same work function to sale up and down */
static void cpufreq_smartass_freq_change_time_work(struct work_struct *work)
{
unsigned int cpu;
unsigned int new_freq;
struct smartass_info_s *this_smartass;
struct cpufreq_policy *policy;
cpumask_t tmp_mask = work_cpumask;
for_each_cpu(cpu, tmp_mask) {
this_smartass = &per_cpu(smartass_info, cpu);
policy = this_smartass->cur_policy;
if (this_smartass->force_ramp_up) {
this_smartass->force_ramp_up = 0;
if (nr_running() == 1) {
cpumask_clear_cpu(cpu, &work_cpumask);
return;
}
if (policy->cur == policy->max)
return;
if (ramp_up_step)
new_freq = policy->cur + ramp_up_step;
else
new_freq = policy->max;
if (suspended && sleep_max_freq) {
if (new_freq > sleep_max_freq)
new_freq = sleep_max_freq;
} else {
if (new_freq < up_min_freq)
new_freq = up_min_freq;
}
} else {
new_freq = cpufreq_smartass_calc_freq(cpu,policy);
// in suspend limit to sleep_max_freq and
// jump straight to sleep_max_freq to avoid wakeup problems
if (suspended && sleep_max_freq &&
(new_freq > sleep_max_freq || new_freq > policy->cur))
new_freq = sleep_max_freq;
}
if (new_freq > policy->max)
new_freq = policy->max;
if (new_freq < policy->min)
new_freq = policy->min;
__cpufreq_driver_target(policy, new_freq,
CPUFREQ_RELATION_L);
freq_change_time_in_idle = get_cpu_idle_time_us(cpu,
&freq_change_time);
cpumask_clear_cpu(cpu, &work_cpumask);
}
}
static ssize_t show_down_rate_us(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%lu\n", down_rate_us);
}
static ssize_t store_down_rate_us(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input >= 1000 && input <= 100000000)
down_rate_us = input;
return res;
}
static struct freq_attr down_rate_us_attr = __ATTR(down_rate_us, 0644,
show_down_rate_us, store_down_rate_us);
static ssize_t show_up_min_freq(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%u\n", up_min_freq);
}
static ssize_t store_up_min_freq(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input >= 0)
up_min_freq = input;
return res;
}
static struct freq_attr up_min_freq_attr = __ATTR(up_min_freq, 0644,
show_up_min_freq, store_up_min_freq);
static ssize_t show_sleep_max_freq(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%u\n", sleep_max_freq);
}
static ssize_t store_sleep_max_freq(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input >= 0)
sleep_max_freq = input;
return res;
}
static struct freq_attr sleep_max_freq_attr = __ATTR(sleep_max_freq, 0644,
show_sleep_max_freq, store_sleep_max_freq);
static ssize_t show_sample_rate_jiffies(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%u\n", sample_rate_jiffies);
}
static ssize_t store_sample_rate_jiffies(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input > 0 && input <= 1000)
sample_rate_jiffies = input;
return res;
}
static struct freq_attr sample_rate_jiffies_attr = __ATTR(sample_rate_jiffies, 0644,
show_sample_rate_jiffies, store_sample_rate_jiffies);
static ssize_t show_ramp_up_step(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%u\n", ramp_up_step);
}
static ssize_t store_ramp_up_step(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0)
ramp_up_step = input;
return res;
}
static struct freq_attr ramp_up_step_attr = __ATTR(ramp_up_step, 0644,
show_ramp_up_step, store_ramp_up_step);
static ssize_t show_max_ramp_down(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%u\n", max_ramp_down);
}
static ssize_t store_max_ramp_down(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0)
max_ramp_down = input;
return res;
}
static struct freq_attr max_ramp_down_attr = __ATTR(max_ramp_down, 0644,
show_max_ramp_down, store_max_ramp_down);
static ssize_t show_max_cpu_load(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%lu\n", max_cpu_load);
}
static ssize_t store_max_cpu_load(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input > 0 && input <= 100)
max_cpu_load = input;
return res;
}
static struct freq_attr max_cpu_load_attr = __ATTR(max_cpu_load, 0644,
show_max_cpu_load, store_max_cpu_load);
static ssize_t show_min_cpu_load(struct cpufreq_policy *policy, char *buf)
{
return sprintf(buf, "%lu\n", min_cpu_load);
}
static ssize_t store_min_cpu_load(struct cpufreq_policy *policy, const char *buf, size_t count)
{
ssize_t res;
unsigned long input;
res = strict_strtoul(buf, 0, &input);
if (res >= 0 && input > 0 && input < 100)
min_cpu_load = input;
return res;
}
static struct freq_attr min_cpu_load_attr = __ATTR(min_cpu_load, 0644,
show_min_cpu_load, store_min_cpu_load);
static struct attribute * smartass_attributes[] = {
&down_rate_us_attr.attr,
&up_min_freq_attr.attr,
&sleep_max_freq_attr.attr,
&sample_rate_jiffies_attr.attr,
&ramp_up_step_attr.attr,
&max_ramp_down_attr.attr,
&max_cpu_load_attr.attr,
&min_cpu_load_attr.attr,
NULL,
};
static struct attribute_group smartass_attr_group = {
.attrs = smartass_attributes,
.name = "smartass",
};
static int cpufreq_governor_smartass(struct cpufreq_policy *new_policy,
unsigned int event)
{
unsigned int cpu = new_policy->cpu;
int rc;
struct smartass_info_s *this_smartass = &per_cpu(smartass_info, cpu);
switch (event) {
case CPUFREQ_GOV_START:
if ((!cpu_online(cpu)) || (!new_policy->cur))
return -EINVAL;
if (this_smartass->enable) /* Already enabled */
break;
/*
* Do not register the idle hook and create sysfs
* entries if we have already done so.
*/
if (atomic_inc_return(&active_count) > 1)
return 0;
rc = sysfs_create_group(&new_policy->kobj, &smartass_attr_group);
if (rc)
return rc;
pm_idle_old = pm_idle;
pm_idle = cpufreq_idle;
this_smartass->cur_policy = new_policy;
this_smartass->cur_policy->max = CONFIG_MSM_CPU_FREQ_ONDEMAND_MAX;
this_smartass->cur_policy->min = CONFIG_MSM_CPU_FREQ_ONDEMAND_MIN;
this_smartass->cur_policy->cur = CONFIG_MSM_CPU_FREQ_ONDEMAND_MAX;
this_smartass->enable = 1;
// notice no break here!
case CPUFREQ_GOV_LIMITS:
if (this_smartass->cur_policy->cur != new_policy->max)
__cpufreq_driver_target(new_policy, new_policy->max, CPUFREQ_RELATION_H);
break;
case CPUFREQ_GOV_STOP:
this_smartass->enable = 0;
if (atomic_dec_return(&active_count) > 1)
return 0;
sysfs_remove_group(&new_policy->kobj,
&smartass_attr_group);
pm_idle = pm_idle_old;
del_timer(&this_smartass->timer);
break;
}
return 0;
}
static void smartass_suspend(int cpu, int suspend)
{
struct smartass_info_s *this_smartass = &per_cpu(smartass_info, smp_processor_id());
struct cpufreq_policy *policy = this_smartass->cur_policy;
unsigned int new_freq;
if (!this_smartass->enable || sleep_max_freq==0) // disable behavior for sleep_max_freq==0
return;
if (suspend) {
if (policy->cur > sleep_max_freq) {
new_freq = sleep_max_freq;
if (new_freq > policy->max)
new_freq = policy->max;
if (new_freq < policy->min)
new_freq = policy->min;
__cpufreq_driver_target(policy, new_freq,
CPUFREQ_RELATION_H);
}
} else { // resume at max speed:
__cpufreq_driver_target(policy, policy->max,
CPUFREQ_RELATION_H);
}
}
static void smartass_early_suspend(struct early_suspend *handler) {
int i;
suspended = 1;
for_each_online_cpu(i)
smartass_suspend(i,1);
}
static void smartass_late_resume(struct early_suspend *handler) {
int i;
suspended = 0;
for_each_online_cpu(i)
smartass_suspend(i,0);
}
static struct early_suspend smartass_power_suspend = {
.suspend = smartass_early_suspend,
.resume = smartass_late_resume,
};
static int __init cpufreq_smartass_init(void)
{
unsigned int i;
struct smartass_info_s *this_smartass;
down_rate_us = DEFAULT_DOWN_RATE_US;
up_min_freq = DEFAULT_UP_MIN_FREQ;
sleep_max_freq = DEFAULT_SLEEP_MAX_FREQ;
sample_rate_jiffies = DEFAULT_SAMPLE_RATE_JIFFIES;
ramp_up_step = DEFAULT_RAMP_UP_STEP;
max_ramp_down = DEFAULT_MAX_RAMP_DOWN;
max_cpu_load = DEFAULT_MAX_CPU_LOAD;
min_cpu_load = DEFAULT_MIN_CPU_LOAD;
suspended = 0;
/* Initalize per-cpu data: */
for_each_possible_cpu(i) {
this_smartass = &per_cpu(smartass_info, i);
this_smartass->enable = 0;
this_smartass->force_ramp_up = 0;
this_smartass->time_in_idle = 0;
this_smartass->idle_exit_time = 0;
// intialize timer:
init_timer_deferrable(&this_smartass->timer);
this_smartass->timer.function = cpufreq_smartass_timer;
this_smartass->timer.data = i;
}
/* Scale up is high priority */
up_wq = create_rt_workqueue("ksmartass_up");
down_wq = create_workqueue("ksmartass_down");
INIT_WORK(&freq_scale_work, cpufreq_smartass_freq_change_time_work);
register_early_suspend(&smartass_power_suspend);
return cpufreq_register_governor(&cpufreq_gov_smartass);
}
#ifdef CONFIG_CPU_FREQ_DEFAULT_GOV_SMARTASS
pure_initcall(cpufreq_smartass_init);
#else
module_init(cpufreq_smartass_init);
#endif
static void __exit cpufreq_smartass_exit(void)
{
cpufreq_unregister_governor(&cpufreq_gov_smartass);
destroy_workqueue(up_wq);
destroy_workqueue(down_wq);
}
module_exit(cpufreq_smartass_exit);
MODULE_AUTHOR ("Erasmux");
MODULE_DESCRIPTION ("'cpufreq_smartass' - A smart cpufreq governor");
MODULE_LICENSE ("GPL");
G. open "include/linux/cpufreq.h"
H. Under the "Cpufreq Default" section add
Code:
#elif defined(CONFIG_CPU_FREQ_DEFAULT_GOV_SMARTASS)
extern struct cpufreq_governor cpufreq_gov_smartass;
#define CPUFREQ_DEFAULT_GOVERNOR (&cpufreq_gov_smartass)
Ok there is a governor added, do the exact same steps for any other one's you would like to add.
The above steps explained:
A. Just opening a file, you guys have this. The Kconfig ties into our "make menuconfig" command later, making our mod a selectable option.
B. Adding the appropriate code for our governor to get it in our .config file. The first chunk would allow us to set our governor as the default one for our kernel, the other allows us to totally remove or add it to the build as we wish.
C-D. This step tells the linker to tie our module in with the rest of the code.
E-F. Creating the actually governor itself, don't skip this step. I would suggest reading through this and trying to understand how it works, it's some pretty awesome stuff.
G-H. Open a file and add the code needed to tie our module into the rest of the source. Without this we would not be able to compile due to the rest of the source not knowing our module exists.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
IV. Getting a Config File :
Samsung now doesn't support grabbing the kernel config from "/proc/config". So we have the alternative method of using the stock config from "/arch/arm/config". Use the README to get a better understanding of how the config file works.
Click to expand...
Click to collapse
V. Building :
Time to start the real "build" section of this tutorial.
Part A. Pre-build Steps
A. Open terminal and change to the root of your kernel directory
B. Type "export ARCH=arm"
C. Type "export CROSS_COMPILE=~/android/kernel/toolchains/arm-eabi-linaro-4.6.2/bin/arm-eabi-"
Part B. The First Build
A. Type "make <your_config_name>_defconfig"
B. Type "make menuconfig" and make the required changes to use any modules you added or similar changes.
C. Type "make -j<maximum number of jobs>"
Part C. Re-Builds
A. Type "make clean"
B. Type "make oldconfig"
C. Type "make -j<maximum number of jobs>"
Part D. Building Modules
You have two options:
A. Type "make modules"
B. Type "make path/to/your/module.ko"
Alternatively, you can use this build script here[/URL.]
Click to expand...
Click to collapse
Above steps explained :
Part A.(These steps are required every time you close your terminal and re-open it to build again.)
A. Ok shouldn’t need to explain this.
B. This command sets your target architecture.
C. Defines the path to the toolchain we are going to use to compile our kernel. You can change this to point towards whatever toolchain you have downloaded or feel like using, the way it is currently configured it will use the Linaro toolchain that we downloaded above.
Part B.(These only need to be run the first time you build a kernel.)
A. Load's your configuration file from earlier.
B. Open up a menu to configure your kernel. It will use the config file you loaded in the previous step as a base.
C. Viola start the build. I typically allow 1 job per core, so on my quad core machine I put "make -j4". Just raising that number will not make your build faster, your processor needs to be able to support the number of jobs you are assigning it.
Part C. (Use the command's when you are building any-time outside of the first)
A. This command gets rid of any old/outdated binaries or modules you compiled before, and let's start fresh. I like to run it every I build unless my changes are really small and localized.
B. A very awesome command, it parses through what has changed and only prompts you about new options.
C. See the explanation for the above "Part C.".
Part D.(Use these for just building kernel modules.)
A. This will re-build all modules.
B. Will rebuild just the module you need. Very useful when you need to rebuild a WiFi module.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
VI. Now What ?
Ok we have now started our build and we are waiting for it to finish, so there are two possible outcomes:
Outcome A. Build Succeds
W00t!! You have a kernel built by your self from source. There are a couple things you need in-order to use this kernel on your device any ".ko" modules and the zImage binary. If you pay attention to the output of your compiler then you will see the location of those objects. However the following commands will make your life a bit easier(Thanks Recognized Developer Hacre):
A. Open a terminal
B. Change to your root kernel directory
C. Type "mkdir ../<your_kernel>_output"
D. Type "cp arch/arm/boot/zImage ../<your_kernel>_output/zImage"
E. Type "find . -name "*.ko" -exec cp {} ../<your_kernel>_output \;"
The above steps explained:
A-C. Self-Explanatory
D. Move our kernel binary into our output folder
E. This handy bit of magic finds all ".ko" modules and also copies them into your output file.
You will also need to assemble a kernel image containing a initramfs for your device, along with the kernel binary and such. Getting the ramdisk from a bin file isn't really easy, but i have attached a script that should do the work. Just remove the .txt extension and chmod it to a+x.
Click to expand...
Click to collapse
Outcome B : Build Fails
Oh dear. It failed. Well guess what...this is going to happen..a LOT. Get used to it, and get used to googling and experimenting with different solutions. The following are some tips that will help you with debugging your issues.
Running a "Clean" build
A. Backup your config file(Type "cp .config ../backupConfig")
B. Re-run the build process using just your defconfig from earlier.
Limiting Output(Thanks Hacre.)
A. Another good tip is to run "make -j1" to get the error, as it will limit the amount of text you need to scroll through.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
While the kernel is compiling, it should show something like this :
When the kernel compile is complete, it should show something like this :
Tips :
I. In the defconfig file, remove the SHRM file signature verification or RIL won't work.
II. Use "make menuconfig" to access a GUI and modify the kernel parameters.
FAQ's :
Q. Can i downgrade the device if i upgrade it to JB ?
A. Yes. You can. There is a detailed guide in the development section. Please refer it before posting.
Credits :
thewadegeek form whose kernel compiling guide, i copy pasted loads of stuff
users for their support
Click to expand...
Click to collapse
Feel something is missing ? Please let me know. I will be happy to update the guide.
Good job dude , keep up u r doing great , thanks lot ^_*
Can I flash whole XXLPZ via odin the same way? Coz my ota doesn't show any update.
And will the root method work then too?
Sent from my GT-I9070 using xda premium
atishey23 said:
Can I flash whole XXLPZ via odin the same way? Coz my ota doesn't show any update.
And will the root method work then too?
Sent from my GT-I9070 using xda premium
Click to expand...
Click to collapse
yes and yes. worked for me, improved performance for me
i think they should pin this thread
popup error
after i flash xxlpz via odin it reboots perfectly and stuck at language chooser. cant finish setup because of popup error "unfortunately com.google.process has stopped" any fix?
Одг: [REF] The All In One Guide for SGSA
ianmcgui said:
after i flash xxlpz via odin it reboots perfectly and stuck at language chooser. cant finish setup because of popup error "unfortunately com.google.process has stopped" any fix?
Click to expand...
Click to collapse
Read a bit!
http://forum.xda-developers.com/showthread.php?p=37246645
Sent from Galaxy S Advance
thanks...good going
thanks, waiting for more :good:
OP updated.
perfect guide
gr8 work.................. i wish i could find this type of guide before i root 1st time so that my binary count wont increase
btw there is any other way for zero binary count??? (i know about triangle away & jib and try both on my sgsa but dont work
and i have 1 problem if u have sol. than plz reply.. in my sgsa "wap setting" can not be installed which is sent by service providers (i.e bsnllive , docomo divein etc) it gives me unable to read
any one having this type of problem???/
great guide..btw i have a problem.. i have installed everything and when i perform a task the terminal want the password which i cant seem to be able to input! i cant do anything because of that! any workaround?
Brainiac.shri said:
great guide..btw i have a problem.. i have installed everything and when i perform a task the terminal want the password which i cant seem to be able to input! i cant do anything because of that! any workaround?
Click to expand...
Click to collapse
Since you don't state it clearly, i guess that you are talking about the commands in Ubuntu!
When you enter the password in the Ubuntu terminal, it isn't showed for security reasons.
So, just type the password and press enter!
Sent from my GT-I9070 using xda premium
Shaaan said:
Since you don't state it clearly, i guess that you are talking about the commands in Ubuntu!
When you enter the password in the Ubuntu terminal, it isn't showed for security reasons.
So, just type the password and press enter!
Sent from my GT-I9070 using xda premium
Click to expand...
Click to collapse
nope! doesnt work! but still logged into ubuntu and tried again and still not working. i remember the password(i just used it to log into the OS) just do not see the problem!
EDIT: doesnt work for certain commands! i tried rooting it just for fun and there the password was accepted just fine!
Frankly speaking after spending a lot of time on XDA, I feel like Developing something for our dear phone! So like which is easier, safer and/or quicker to develop.. A Kernel or a Custom ROM..?
If Kernel.. how can I do that? Download stock kernel and modify it?
If ROM.. where to start? Download the firmware and start modifying it?
PS: I'm not trolling... I'm serious
Sami Kabir said:
Frankly speaking after spending a lot of time on XDA, I feel like Developing something for our dear phone! So like which is easier, safer and/or quicker to develop.. A Kernel or a Custom ROM..?
If Kernel.. how can I do that? Download stock kernel and modify it?
If ROM.. where to start? Download the firmware and start modifying it?
PS: I'm not trolling... I'm serious
Click to expand...
Click to collapse
Step by step ROM making guide. Heat up your PC chair by reading!!! But, as I know you - you will ask for explanation.
http://forum.xda-developers.com/showthread.php?t=1801690

Decrypting WhatsApp crypt12 files

I will just leave this here. :good:
Python:
Code:
#!/usr/bin/env python
""" decrypt12.py: Decrypts WhatsApp msgstore.db.crypt12 files. """
""" Requires pycrypto and pycryptodome packages. """
__author__ = 'TripCode'
__copyright__ = 'Copyright (C) 2016'
__license__ = 'GPLv3'
__status__ = 'Production'
__version__ = '1.0'
from Crypto.Cipher import AES
import os
import sys
import zlib
def keyfile(kf):
global t1, key
if os.path.isfile(kf) == False:
quit('The specified input key file does not exist.')
elif os.path.getsize(kf) != 158:
quit('The specified input key file is invalid.')
with open(kf, 'rb') as keyfile:
keyfile.seek(30)
t1 = keyfile.read(32)
keyfile.seek(126)
key = keyfile.read(32)
return True
def decrypt12(cf, of):
global t2, iv
if os.path.isfile(cf) == False:
quit('The specified input crypt12 file does not exist.')
tf = cf+'.tmp'
with open(cf, 'rb') as crypt12:
crypt12.seek(3)
t2 = crypt12.read(32)
if t1 != t2:
quit('Key file mismatch or crypt12 file is corrupt.')
crypt12.seek(51)
iv = crypt12.read(16)
crypt12.seek(67)
primer(tf, crypt12, 20)
cipher = AES.new(key, AES.MODE_GCM, iv)
sqlite = zlib.decompress(cipher.decrypt(open(tf, 'rb').read()))
with open(of, 'wb') as msgstore:
msgstore.write(sqlite)
msgstore.close()
os.remove(tf)
return True
def primer(tf, crypt12, sb):
with open(tf, 'wb') as header:
header.write(crypt12.read())
header.close()
with open(tf, 'rb+') as footer:
footer.seek(-sb, os.SEEK_END)
footer.truncate()
footer.close()
def validate(ms):
with open(ms, 'rb') as msgstore:
if msgstore.read(6).decode('ascii').lower() != 'sqlite':
os.remove(ms)
msg = 'Decryption of crypt12 file has failed.'
else:
msg = 'Decryption of crypt12 file was successful.'
msgstore.close()
quit(msg)
def main():
if len(sys.argv) > 2 and len(sys.argv) < 5:
if len(sys.argv) == 3:
outfile = 'msgstore.db'
else:
outfile = sys.argv[3]
if keyfile(sys.argv[1]) and decrypt12(sys.argv[2], outfile):
validate(outfile)
else:
print('\nWhatsApp Crypt12 Database Decrypter '+__version__+' '+__copyright__+' by '+__author__+'\n')
print('\tUsage: python '+str(sys.argv[0])+' key msgstore.db.crypt12 msgstore.db\n')
if __name__ == "__main__":
main()
Code:
Usage: python decrypt12.py key msgstore.db.crypt12 msgstore.db
Java:
Code:
package decrypt12;
/*
*
*** decrypt12.jar: Decrypts WhatsApp msgstore.db.crypt12 files. ***
*
* Author : TripCode
* Copyright : Copyright (C) 2016
* License : GPLv3
* Status : Production
* Version : 1.0
*
*/
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.RandomAccessFile;
import java.security.Security;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
// import org.spongycastle.jce.provider.BouncyCastleProvider; // Android
public class decrypt12 {
static {
Security.insertProviderAt(new org.bouncycastle.jce.provider.BouncyCastleProvider(), 1);
// Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1); // Android
}
public static void decrypt(String KeyFile, String C12File, String SQLFile) throws Exception {
final File tempFile = new File(System.getProperty("java.io.tmpdir") + "/"
+ (int) (System.currentTimeMillis() / 1000L) + "-msgstore.enc");
if (!new File(KeyFile).isFile())
quit("The specified input key file does not exist.");
else if (new File(KeyFile).length() != 158)
quit("The specified input key file is invalid.");
else if (!new File(C12File).isFile())
quit("The specified input crypt12 file does not exist.");
InputStream KeyIn = new FileInputStream(KeyFile);
InputStream WdbIn = new BufferedInputStream(new FileInputStream(C12File));
byte[] KeyData = new byte[158];
KeyIn.read(KeyData);
byte[] T1 = new byte[32];
System.arraycopy(KeyData, 30, T1, 0, 32);
byte[] KEY = new byte[32];
System.arraycopy(KeyData, 126, KEY, 0, 32);
KeyIn.close();
byte[] C12Data = new byte[67];
WdbIn.read(C12Data);
byte[] T2 = new byte[32];
System.arraycopy(C12Data, 3, T2, 0, 32);
byte[] IV = new byte[16];
System.arraycopy(C12Data, 51, IV, 0, 16);
if (!new String(T1, 0, T1.length, "ASCII").equals(new String(T2, 0, T2.length, "ASCII")))
quit("Key file mismatch or crypt12 file is corrupt.");
int InputLength = WdbIn.available();
RandomAccessFile raf = new RandomAccessFile(tempFile, "rw");
byte[] tempBuffer = new byte[1024];
int I;
while ((I = WdbIn.read(tempBuffer)) != -1)
raf.write(tempBuffer, 0, I);
raf.setLength(InputLength - 20);
raf.close();
WdbIn.close();
InputStream PdbSt = new BufferedInputStream(new FileInputStream(tempFile));
Cipher cipher;
Security.addProvider(new BouncyCastleProvider());
cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC"); // BouncyCastle
// cipher = Cipher.getInstance("AES/GCM/NoPadding", "SC"); // SpongyCastle (Android)
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(IV));
CipherInputStream CipherStream = new CipherInputStream(PdbSt, cipher);
InflaterInputStream CryptOutput = new InflaterInputStream(CipherStream, new Inflater(false));
try {
FileOutputStream InflateBuffer = new FileOutputStream(SQLFile);
int N = 0;
byte[] CryptBuffer = new byte[8192];
while ((N = CryptOutput.read(CryptBuffer)) != -1) {
InflateBuffer.write(CryptBuffer, 0, N);
}
InflateBuffer.close();
} catch (IOException ex) {
quit("Fatal error:" + ex);
}
CipherStream.close();
tempFile.delete();
InputStream SqlDB = new FileInputStream(SQLFile);
byte[] SqlData = new byte[6];
SqlDB.read(SqlData);
byte[] MS = new byte[6];
System.arraycopy(SqlData, 0, MS, 0, 6);
SqlDB.close();
if (!new String(MS, 0, MS.length, "ASCII").toLowerCase().equals("sqlite")) {
new File(SQLFile).delete();
quit("Decryption of crypt12 file has failed.");
}
else
quit("Decryption of crypt12 file was successful.");
}
private static void quit(String Msg) {
System.out.println(Msg);
System.exit(0);
}
public static void main(String[] args) throws Exception {
String outFile;
if (args.length > 1 && args.length < 4) {
if (args.length == 3)
outFile = args[2];
else
outFile = "msgstore.db";
decrypt(args[0], args[1], outFile);
} else {
System.out.println("\nWhatsApp Crypt12 Database Decrypter 1.0 Copyright (C) 2016 by TripCode");
System.out.println("\tUsage: java -jar decrypt12.jar key msgstore.db.crypt12 msgstore.db\n");
}
}
}
Code:
Usage: java -jar decrypt12.jar key msgstore.db.crypt12 msgstore.db
GitHub Repository: WhatsApp-Crypt12-Decrypter
Just a quick question: My phone was swapped by a repair shop and the other person who got my phone didn't realize this at first. She did a factory reset, and probably installed Whatsapp with her SIM card before I got my phone back. I'm so angry right now...
I guess my key file is gone - either deleted by the factory reset or overwritten with her Whatsapp's key file. I have several backups of the Whatsapp directory and still the same Google account, IMEI and phone number. Can I restore my messages or are any attempts futile?
(I see that the code asks for a key file, so if I cannot get it/extract it somewhere, there is probably no chance anymore?)
hi, realy great tool
with that i could open the msgstore.db and see my chats
but is it possible to convert this file into a .db.crypt12 file or something like that, so i can open it with whatsapp an have my chats back?
or are there other ways, i can use this msgstore.db + wa.db to recover the chats?
Hi!
I have a crypt12 database but no key...is there anyone out there able to decrypt it?
How much will it cost to me to do this? Can anyone do it for me?
Is the code written here above working in decrypting a crypt12 database?
I don't want to root or install any spyware, just trying to decrypt the file.
anyone interested in trying?
Please write dawn here if you're interested and we'll get in contact...
ettorebonfanti said:
Hi!
I have a crypt12 database but no key...is there anyone out there able to decrypt it?
How much will it cost to me to do this? Can anyone do it for me?
Is the code written here above working in decrypting a crypt12 database?
I don't want to root or install any spyware, just trying to decrypt the file.
anyone interested in trying?
Please write dawn here if you're interested and we'll get in contact...
Click to expand...
Click to collapse
There is a program out there which claims to obtain the key file without root. If it's still working today, I don't know. Here: https://forum.xda-developers.com/showthread.php?t=2770982
If you want the key file, it's better to root your phone and get it. It's not that hard. You can even unroot your phone after catching the key.
And no, someone can't just decrypt the database, because the key is there for a reason, and this reason is security.
Excellent! Just used this to fix a Whatapp DB.
---------- Post added at 10:57 AM ---------- Previous post was at 10:50 AM ----------
This is great thanks! How do I encrypt the database again with crypt12?
I have both, the DB and the key.
TripCode said:
I will just leave this here. :good:
Python:
Code:
#!/usr/bin/env python
""" decrypt12.py: Decrypts WhatsApp msgstore.db.crypt12 files. """
""" Requires pycrypto and pycryptodome packages. """
__author__ = 'TripCode'
__copyright__ = 'Copyright (C) 2016'
__license__ = 'GPLv3'
__status__ = 'Production'
__version__ = '1.0'
from Crypto.Cipher import AES
import os
import sys
import zlib
def keyfile(kf):
global t1, key
if os.path.isfile(kf) == False:
quit('The specified input key file does not exist.')
elif os.path.getsize(kf) != 158:
quit('The specified input key file is invalid.')
with open(kf, 'rb') as keyfile:
keyfile.seek(30)
t1 = keyfile.read(32)
keyfile.seek(126)
key = keyfile.read(32)
return True
def decrypt12(cf, of):
global t2, iv
if os.path.isfile(cf) == False:
quit('The specified input crypt12 file does not exist.')
tf = cf+'.tmp'
with open(cf, 'rb') as crypt12:
crypt12.seek(3)
t2 = crypt12.read(32)
if t1 != t2:
quit('Key file mismatch or crypt12 file is corrupt.')
crypt12.seek(51)
iv = crypt12.read(16)
crypt12.seek(67)
primer(tf, crypt12, 20)
cipher = AES.new(key, AES.MODE_GCM, iv)
sqlite = zlib.decompress(cipher.decrypt(open(tf, 'rb').read()))
with open(of, 'wb') as msgstore:
msgstore.write(sqlite)
msgstore.close()
os.remove(tf)
return True
def primer(tf, crypt12, sb):
with open(tf, 'wb') as header:
header.write(crypt12.read())
header.close()
with open(tf, 'rb+') as footer:
footer.seek(-sb, os.SEEK_END)
footer.truncate()
footer.close()
def validate(ms):
with open(ms, 'rb') as msgstore:
if msgstore.read(6).decode('ascii').lower() != 'sqlite':
os.remove(ms)
msg = 'Decryption of crypt12 file has failed.'
else:
msg = 'Decryption of crypt12 file was successful.'
msgstore.close()
quit(msg)
def main():
if len(sys.argv) > 2 and len(sys.argv) < 5:
if len(sys.argv) == 3:
outfile = 'msgstore.db'
else:
outfile = sys.argv[3]
if keyfile(sys.argv[1]) and decrypt12(sys.argv[2], outfile):
validate(outfile)
else:
print('\nWhatsApp Crypt12 Database Decrypter '+__version__+' '+__copyright__+' by '+__author__+'\n')
print('\tUsage: python '+str(sys.argv[0])+' key msgstore.db.crypt12 msgstore.db\n')
if __name__ == "__main__":
main()
Code:
Usage: python decrypt12.py key msgstore.db.crypt12 msgstore.db
Java:
Code:
package decrypt12;
/*
*
*** decrypt12.jar: Decrypts WhatsApp msgstore.db.crypt12 files. ***
*
* Author : TripCode
* Copyright : Copyright (C) 2016
* License : GPLv3
* Status : Production
* Version : 1.0
*
*/
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.RandomAccessFile;
import java.security.Security;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
// import org.spongycastle.jce.provider.BouncyCastleProvider; // Android
public class decrypt12 {
static {
Security.insertProviderAt(new org.bouncycastle.jce.provider.BouncyCastleProvider(), 1);
// Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1); // Android
}
public static void decrypt(String KeyFile, String C12File, String SQLFile) throws Exception {
final File tempFile = new File(System.getProperty("java.io.tmpdir") + "/"
+ (int) (System.currentTimeMillis() / 1000L) + "-msgstore.enc");
if (!new File(KeyFile).isFile())
quit("The specified input key file does not exist.");
else if (new File(KeyFile).length() != 158)
quit("The specified input key file is invalid.");
else if (!new File(C12File).isFile())
quit("The specified input crypt12 file does not exist.");
InputStream KeyIn = new FileInputStream(KeyFile);
InputStream WdbIn = new BufferedInputStream(new FileInputStream(C12File));
byte[] KeyData = new byte[158];
KeyIn.read(KeyData);
byte[] T1 = new byte[32];
System.arraycopy(KeyData, 30, T1, 0, 32);
byte[] KEY = new byte[32];
System.arraycopy(KeyData, 126, KEY, 0, 32);
KeyIn.close();
byte[] C12Data = new byte[67];
WdbIn.read(C12Data);
byte[] T2 = new byte[32];
System.arraycopy(C12Data, 3, T2, 0, 32);
byte[] IV = new byte[16];
System.arraycopy(C12Data, 51, IV, 0, 16);
if (!new String(T1, 0, T1.length, "ASCII").equals(new String(T2, 0, T2.length, "ASCII")))
quit("Key file mismatch or crypt12 file is corrupt.");
int InputLength = WdbIn.available();
RandomAccessFile raf = new RandomAccessFile(tempFile, "rw");
byte[] tempBuffer = new byte[1024];
int I;
while ((I = WdbIn.read(tempBuffer)) != -1)
raf.write(tempBuffer, 0, I);
raf.setLength(InputLength - 20);
raf.close();
WdbIn.close();
InputStream PdbSt = new BufferedInputStream(new FileInputStream(tempFile));
Cipher cipher;
Security.addProvider(new BouncyCastleProvider());
cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC"); // BouncyCastle
// cipher = Cipher.getInstance("AES/GCM/NoPadding", "SC"); // SpongyCastle (Android)
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(IV));
CipherInputStream CipherStream = new CipherInputStream(PdbSt, cipher);
InflaterInputStream CryptOutput = new InflaterInputStream(CipherStream, new Inflater(false));
try {
FileOutputStream InflateBuffer = new FileOutputStream(SQLFile);
int N = 0;
byte[] CryptBuffer = new byte[8192];
while ((N = CryptOutput.read(CryptBuffer)) != -1) {
InflateBuffer.write(CryptBuffer, 0, N);
}
InflateBuffer.close();
} catch (IOException ex) {
quit("Fatal error:" + ex);
}
CipherStream.close();
tempFile.delete();
InputStream SqlDB = new FileInputStream(SQLFile);
byte[] SqlData = new byte[6];
SqlDB.read(SqlData);
byte[] MS = new byte[6];
System.arraycopy(SqlData, 0, MS, 0, 6);
SqlDB.close();
if (!new String(MS, 0, MS.length, "ASCII").toLowerCase().equals("sqlite")) {
new File(SQLFile).delete();
quit("Decryption of crypt12 file has failed.");
}
else
quit("Decryption of crypt12 file was successful.");
}
private static void quit(String Msg) {
System.out.println(Msg);
System.exit(0);
}
public static void main(String[] args) throws Exception {
String outFile;
if (args.length > 1 && args.length < 4) {
if (args.length == 3)
outFile = args[2];
else
outFile = "msgstore.db";
decrypt(args[0], args[1], outFile);
} else {
System.out.println("\nWhatsApp Crypt12 Database Decrypter 1.0 Copyright (C) 2016 by TripCode");
System.out.println("\tUsage: java -jar decrypt12.jar key msgstore.db.crypt12 msgstore.db\n");
}
}
}
Code:
Usage: java -jar decrypt12.jar key msgstore.db.crypt12 msgstore.db
GitHub Repository: WhatsApp-Crypt12-Decrypter
Click to expand...
Click to collapse
error message..line 84..intended error
hi tripcode...i used the python script in python3.6...it showed an intended error..error line 84...can u please help me in this issue..or can u guid me to decrypt the file..am not having that key file..thats y..mobile lost..i retrieved the files from drive..so plz help me in this issue..
error the key file not found
hi it was fine till it shows the key file is not found...plz help me in this issues
GURUMOORTHI said:
hi it was fine till it shows the key file is not found...plz help me in this issues
Click to expand...
Click to collapse
w/o key file ...there is no way to brake the crytp12...
mmmm but i don`t know if there is any chace using brute force to brake the encrytion
Can someone share pycrypto also pycryptodome? or java for Android thanks
gbwhatsapp
Fusseldieb said:
There is a program out there which claims to obtain the key file without root. If it's still working today, I don't know. Here: https://forum.xda-developers.com/showthread.php?t=2770982
If you want the key file, it's better to root your phone and get it. It's not that hard. You can even unroot your phone after catching the key.
And no, someone can't just decrypt the database, because the key is there for a reason, and this reason is security.
Click to expand...
Click to collapse
You can try:
a tutorial from Ik Teach:
https://www.youtube.com/watch?v=4b1f2iTnoO8
link to the file gbwhatsapp:
https://idescargar.com/gbwhatsapp/descargar/
It give you de key file whithout root. It worked for me. But it is a little tricky. and you end up with this modded whatsapp.
Cheers!
hii tripcode
I am not having that key file..
i lost my mobile....i retrieved the files from drive..so plz help me to decrypt my database.
shanya_creation said:
hii tripcode
I am not having that key file..
i lost my mobile....i retrieved the files from drive..so plz help me to decrypt my database.
Click to expand...
Click to collapse
You need to re-download WhatsApp in another phone and use your old number. (Yes, you'll need to recover your phone number before recovering your chats). Once you have WhatsApp installed you can take out the Key file from /data/data/com.whatsapp/files
To do that stuff i recommend to use a old phone that can be easily rooted or one that has already rooted.
Good luck :good:
Hello,
Does anyone know if by any chance KEY file gets deleted on old phone when whatsapp is activated on a new phone and old phone whatsapp gets locked asking for conf code by SMS?
I rooted android 4.x.x
I then searched using ez file manager in root and in data/data /com.whatsapp but i do not see a KEY file.
download WhatsApp Plus8.30 it will work for you
https://goapk.org/whatsapp-plus/
Need Help!
I have whatsapp db.crypt12 file. I am novice in Mobile. Can anybody make that file readable professionally for me? I am ready to pay for this.
HI,
I have extracted the key by the procedure of "WhatsApp Key/DB Extractor 4.7 Enhanced 1.0" (https://forum.xda-developers.com/showthread.php?t=2770982&page=55), but eventually your JAVA code failed with message:
Key file mismatch or crypt12 file is corrupt.
Why is that?
Somewhere (guess at Elcomsoft Explorer) I have read, that the key can only decrypt backups taken from a previous time. This should true in my case, isnt?
1) Is the key somehow related to the phone device itself? (I have used a spare phone for this analysis, so not the original WA was regularly running on.)
Since end of August (when an Upgrade of WA has destroyed my chat history database) I have tried several attempts to restore it by downgrading WA to 2.20.64 and 2.20.89, so the key I have now is not the original of what the crypted backup was created with.
Moreover, due to a database schema error my chat history can only be loaded with WA version previous to 2.20.89 (this is why: https://medium.com/@leonardocezaryc...hatsapp-windows-phone-to-android-6b225918af55)
My experiments now led to the situation, that I not any more can register any pre-2.20.89 version by the SMS verification process, even though I dated my phone back to mid of August.
Thus I currently have no working installation with all my chat history where I could extract a crypto key from.
2) Any ideas how i can bypass Whatsapp to complain about its expired versions and register by SMS again?
3) Is it a hard-coded deadline in the binaries of the app?
4) Does the crypt key change between installations and become incompatible? I wonder, how to restore any old backup then...
Thanks!
samruthstom said:
Hello,
Does anyone know if by any chance KEY file gets deleted on old phone when whatsapp is activated on a new phone and old phone whatsapp gets locked asking for conf code by SMS?
I rooted android 4.x.x
I then searched using ez file manager in root and in data/data /com.whatsapp but i do not see a KEY file.
Click to expand...
Click to collapse
Yes - upon inactivation WA 2.20.89+ destroys the "key" file and instead creates a "backup_token" file.
It is recoverable by activating it via SMS code.
---------- Post added at 07:40 PM ---------- Previous post was at 07:26 PM ----------
heyvijay said:
I have whatsapp db.crypt12 file. I am novice in Mobile. Can anybody make that file readable professionally for me? I am ready to pay for this.
Click to expand...
Click to collapse
What kind of problem can't you solve so far?
There is a commercial solution called "Elcomsoft eXplorer for WhatsApp ".
I also would like and am about to try it out, if you are interested, we can share the costs of it.
After years of successfully using this to access MY chat data, this week it stopped working :-(
WhatsApp on my phone looks to have updated to v2.21.8.17 and is now generating local backups with a .crypt14 extension instead of .crypt12.
Unsurprisingly, this chokes on this with the error Key file mismatch or crypt12 file is corrupt.
However, armed with hexdump and a bit cunning, I've worked out how to tweak the python so that it successfully decodes .crypt14 files.
in a .crypt14 file ... [.py hacks in decrypt12 function shown below in square brackets]
... t2 is at offset 14 [so change to crypt12.seek(14) t2 = crypt12.read(32)]
... iv is at offset 66 [change to crypt12.seek(66) iv = crypt12.read(16)]
... encrypted content starts at offset 99, (I haven't yet worked out the correct amount of footer to remove, but removing 0 seems to result in a successful decryption so far) [change to crypt12.seek(99) primer(tf, crypt12, 0)]
I've also noticed that the 16 bytes at offset 62 to 77 in the key file also appear in the .cryptX file, just like the t bytes at offset 30 to 61 do.
In a .crypt12 file they are at offset 35 to 50.
In a .crypt14 file they are at offset 48 to 63.
In my code I've called these x1 and x2 and do the same equality check as happens for t1 and t2.
In addition, in the .crypt14 file, bytes at 86 to 94 look to contain the WA version number, so in my case 2.21.8.17 - presumably the version that wrote the .crypt14 file. I suspect that when the version number rolls over to more digits (e.g. 2.21.10.10) then the offset to the start of the encrypted content (currently 99 in my backup files) might well change?
adflyer said:
After years of successfully using this to access MY chat data, this week it stopped working :-(
WhatsApp on my phone looks to have updated to v2.21.8.17 and is now generating local backups with a .crypt14 extension instead of .crypt12.
Unsurprisingly, this chokes on this with the error Key file mismatch or crypt12 file is corrupt.
However, armed with hexdump and a bit cunning, I've worked out how to tweak the python so that it successfully decodes .crypt14 files.
in a .crypt14 file ... [.py hacks in decrypt12 function shown below in square brackets]
... t2 is at offset 14 [so change to crypt12.seek(14) t2 = crypt12.read(32)]
... iv is at offset 66 [change to crypt12.seek(66) iv = crypt12.read(16)]
... encrypted content starts at offset 99, (I haven't yet worked out the correct amount of footer to remove, but removing 0 seems to result in a successful decryption so far) [change to crypt12.seek(99) primer(tf, crypt12, 0)]
I've also noticed that the 16 bytes at offset 62 to 77 in the key file also appear in the .cryptX file, just like the t bytes at offset 30 to 61 do.
In a .crypt12 file they are at offset 35 to 50.
In a .crypt14 file they are at offset 48 to 63.
In my code I've called these x1 and x2 and do the same equality check as happens for t1 and t2.
In addition, in the .crypt14 file, bytes at 86 to 94 look to contain the WA version number, so in my case 2.21.8.17 - presumably the version that wrote the .crypt14 file. I suspect that when the version number rolls over to more digits (e.g. 2.21.10.10) then the offset to the start of the encrypted content (currently 99 in my backup files) might well change?
Click to expand...
Click to collapse
It's not working for me for some reason. I don't know what I am missing here. Can you provide the modified code itself?

Categories

Resources