Problem opening TrueFFS device... - Windows Mobile Development and Hacking General

Hello,
I am trying to write a utility that can manipulate TrueFFS file systems on my Cingular 8125. However, I dont seem to have the right device names when I try to open them. For example,
hDevice =
CreateFile(
TEXT("DSK1:"),
GENERIC_READ|GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
0,
NULL) ;
fails with error code 55, "The specified network resource or device is no longer available."
Can someone set me straight here? Or point me to some example code that works?
Thanks!

Related

Win32 Mode Failure to set text in static control

I have a problem in setting controls in a Win32 application.
When I use SendMessage to set a text string in a static control I get error number 120 which translated means: "This function is only valid in Win32 mode."
Here's the background:
I'm using Visual Studio 2005, I've installed the Windows Mobile 5 SDK.
The project was created using the New Project Wizard, with the following settings:
Visual C++/Smart Device
Win32 Smart Device Project
Platform SDK is: Windows Mobile 5.0 Pocket PC SDK
Windows application
I've added a dialog template resource and can bring up a dialog based on that resource. It contains a static control that I can read the text from, but attempting to set the text gives me the above error.
The relevent code (within the WM_INITDIALOG message handler) is:
Code:
char buffer[100];
HWND hCtrl = ::GetDlgItem(hDlg, IDC_TITLE);
LRESULT result = ::SendMessage(hCtrl, WM_GETTEXT, (WPARAM)80, (LPARAM)buffer);
This works, I get the correct text (ie the text I have placed into the static control using the dialog template editor) copied into the buffer. What follows is:
Code:
buffer[0] = 'A'; // Just to set up a different string
result = ::SendMessage(hCtrl, WM_SETTEXT, (WPARAM)0, (LPARAM)buffer);
if (result == 0)
{
LPVOID lpMsgBuf;
DWORD error = ::GetLastError();
::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, error, 0, (LPTSTR)&lpMsgBuf, 0, NULL);
::MessageBox(NULL, (LPCTSTR)lpMsgBuf, (LPCWSTR)"LError", MB_OK | MB_ICONINFORMATION);
::LocalFree(lpMsgBuf);
}
The attempt to set the changed text string fails (ie result == 0), and the last error is 120, which is translated to the error message above.
This works the same in both the Windows Mobile 5 emulator, and if I run it on my Atom.
What does this mean? How could it be anything other than Win32 mode?
Is there a function or something I have to call to put it into Win32 mode?
Or is it a project setting in VS2005 that I haven't been able to find?
I'd very much appreciate any help on this.
Peter
Your build target was a PPC 2003 variant for this project, correct? If so (and I'm assuming that it is so because you mention trying this on the PPC emulator), then you are most certainly not in Win32 mode, rather you are targeting WinCE. To target win32, you need to go into configuration manager and change your target at which point your program will no longer run on PPC.
More to your problem: I don't believe that you can dynamically change dialog static control properties through messaging on WinCE. I may be wrong on this here though too....

Windows Mobile SendSMS

I'm trying to send out a generic message using SENDSMS function in Windows Mobile Sample Code but I am unsuccessful. Here is a copy of the code
Code:
// ***************************************************************************
// Function Name: SendSMS
//
// Purpose: Send an SMS Message
//
// Arguments: none
//
// Return Values: none
//
// Description:
// Called after everything has been set up, this function merely opens an
// SMS_HANDLE and tries to send the SMS Message.
void SendSMS(BOOL bSendConfirmation, BOOL bUseDefaultSMSC, LPCTSTR lpszSMSC, LPCTSTR lpszRecipient, LPCTSTR lpszMessage)
{
SMS_HANDLE smshHandle;
SMS_ADDRESS smsaSource;
SMS_ADDRESS smsaDestination;
TEXT_PROVIDER_SPECIFIC_DATA tpsd;
SMS_MESSAGE_ID smsmidMessageID;
// try to open an SMS Handle
if(FAILED(SmsOpen(SMS_MSGTYPE_TEXT, SMS_MODE_SEND, &smshHandle, NULL)))
{
MessageBox(NULL,
(LPCTSTR)LoadString(ghInstance, IDS_ERROR_SMSOPEN, 0, 0),
(LPCTSTR)LoadString(ghInstance, IDS_CAPTION_ERROR, 0, 0),
MB_OK | MB_ICONERROR);
return;
}
// Create the source address
if(!bUseDefaultSMSC)
{
smsaSource.smsatAddressType = SMSAT_INTERNATIONAL;
_tcsncpy(smsaSource.ptsAddress, lpszSMSC, SMS_MAX_ADDRESS_LENGTH);
}
// Create the destination address
smsaDestination.smsatAddressType = SMSAT_INTERNATIONAL;
_tcsncpy(smsaDestination.ptsAddress, lpszRecipient, SMS_MAX_ADDRESS_LENGTH);
// Set up provider specific data
memset(&tpsd, 0, sizeof(tpsd));
tpsd.dwMessageOptions = bSendConfirmation ? PS_MESSAGE_OPTION_STATUSREPORT : PS_MESSAGE_OPTION_NONE;
tpsd.psMessageClass = PS_MESSAGE_CLASS1;
tpsd.psReplaceOption = PSRO_NONE;
tpsd.dwHeaderDataSize = 0;
// Send the message, indicating success or failure
if(SUCCEEDED(SmsSendMessage(smshHandle, ((bUseDefaultSMSC) ? NULL : &smsaSource),
&smsaDestination, NULL, (PBYTE) lpszMessage,
_tcslen(lpszMessage) * sizeof(TCHAR), (PBYTE) &tpsd,
sizeof(TEXT_PROVIDER_SPECIFIC_DATA), SMSDE_OPTIMAL,
SMS_OPTION_DELIVERY_NONE, &smsmidMessageID)))
{
MessageBox(NULL,
(LPCTSTR)LoadString(ghInstance, IDS_SMSSENT, 0, 0),
(LPCTSTR)LoadString(ghInstance, IDS_CAPTION_SUCCESS, 0, 0),
MB_OK);
}
else
{
MessageBox(NULL,
(LPCTSTR)LoadString(ghInstance, IDS_ERROR_SMSSEND, 0, 0),
(LPCTSTR)LoadString(ghInstance, IDS_CAPTION_ERROR, 0, 0),
MB_OK | MB_ICONERROR);
}
// clean up
VERIFY(SUCCEEDED(SmsClose(smshHandle)));
}
Again, I am trying to explicitly specify the recipient and the message being sent which are variables LPCTSTR lpszRecipient and LPCTSTR lpszMessage. Every time I assign them a string value, I get an error. Does anybody know a solution?
Not sure
Not too sure what you are trying to achieve here, as Vijay already has an SMSSend app, which is command line driven and works a treat. Would hate for you to reinvent the wheel - check his tools out: http://www.vijay555.com/?Releases:VJPhoneTools

Help With API WM5

Hi
i begin in level of system of WM5.
I have make some software in language C for WM5/WM6.
I search help for recover system information (network GPRS or WIFI, enumerate Available Access Points ,signalStrength,...),
if you know api for that thank you
Sorry for my english i say it is little poor
Hi
I have find solution i used i post solution if you are interessted:
pQueryOid = (PNDISUIO_QUERY_OID) Buffer;
pQueryOid->Oid = OID_802_11_BSSID_LIST;
pQueryOid->ptcDeviceName = /* your AdapterName*/
//-------------------------------------------------------------------------------------------------------------------------------------------------------
//creates, opens, or truncates a file, COM port, device, service, or console. It returns a handle that you can use to access the object.
handleDevice = CreateFile(NDISUIO_DEVICE_NAME,
GENERIC_READ|GENERIC_WRITE, 0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
(HANDLE) INVALID_HANDLE_VALUE);
if (handleDevice == INVALID_HANDLE_VALUE)
return NULL;
//sends a control code directly to a specified device driver, causing the corresponding device to perform the corresponding operation.
if (DeviceIoControl(handleDevice,
IOCTL_NDISUIO_QUERY_OID_VALUE,
(LPVOID) pQueryOid,
8192,
(LPVOID) pQueryOid,
8192,
&bytesWritten,
NULL))

CeMountDBVolEx on mxip_swmgmt.vol results in ERROR_SHARING_VIOLATION

Due to some recent changes in WM 6.1, when I uninstall my cab via 'Remove Programs' and then later install it again, it says 'The current version will be removed before the new one is installed'. I am using the WM 6.1 emulator
The reason for this prompt to throw up is because the app name still exists in the \mxip_swmgmt.vol. I have verified this by opening the .vol with MemMaid. I was able to get around the prompt by deleting the respective record from mxip_swmgmt.vol using MemMaid.
Now I intend to achieve the same programatically. These are the API's used.
Code:
CEGUID ceGUID;
HANDLE hSession, hDatabase;
DWORD dwErr = 0;
DWORD dwErr1 = 0;
::CeFlushDBVol(0);
// Mount the vol
//
if (!::CeMountDBVolEx (&ceGUID, TEXT ("\mxip_swmgmt.vol"), NULL, OPEN_EXISTING))
{
dwErr = ::GetLastError();
return;
}
At this point it returns and the value in dwErr is 32 i.e. 'The process cannot access the file because it is being used by another process.'
I went one step ahead and stopped the SWMGMTSERVICE which I strongly believe is holding onto the mxip_swmgmt.vol.
The code now looks like
Code:
CEGUID ceGUID;
DWORD dwErr = 0;
DWORD dwErr1 = 0;
// Bring down the SWMGMTSERVICE so that we get a handle to pszVol
//
HANDLE hService = ::GetServiceHandle (TEXT ("SWM0:"), NULL, NULL);
if (hService != INVALID_HANDLE_VALUE)
{
if (!::DeregisterService (hService))
{
dwErr = ::GetLastError();
return;
}
}
::CeFlushDBVol(0);
// Mount the vol
//
if (!::CeMountDBVolEx (&ceGUID, TEXT ("\mxip_swmgmt.vol"), NULL, OPEN_EXISTING))
{
dwErr1 = ::GetLastError();
// restart the service and return
//
::RegisterService (TEXT ("SWM"), 0, TEXT ("swmgmtservice.dll"), 0);
return;
}
Now at this point dwErr1 contains the error code 1358 i.e. 'Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk.'
Any idea how I can get a handle to mxip_swmgmt.vol either by stopping or without stopping the relevant services ?
Thanks.
A gentle bump.
Any clues will certainly help.
have u got any workable solution? I am facing same problem.

"Rooted LG G6 Device Owners" - Please post file names of the archive you downloaded from LG to unlock your bootloader

I am trying to check whether LG are still publicly hosting G6 bootloader unlock files online. I know you probably think but wait, we know they don't. That may not be the case.
The server may still be publicly hosting the files which device owners need to unlock their bootloaders, by reverse engineering the cached page data from the internet archives I have extracted a download link from the page.
Code:
"https://developer.lge.com/resource/mobile/common/file/DownloadFile.dev" + "?fileId=" + encodeURIComponent( json.fileId ) ;
Which appears to be missing the encoded file name. If we could get enough file names and they are indeed still publicly hosted online, we could possibly download our bootloader unlock files directly from source if we can establish a pattern in the data.
I am guessing that these file names will be in someway related to the device identifier. It's a long shot but I am willing to check it out, please help by posting the file name of the archive you extracted your unlock.bin file from this is possibly a ZIP archive you downloaded from LG website to unlock your bootloader and the file name of unlock.bin if different from unlock.bin.
Hi,
Here are the informations of an old device I owned but dead today. So it's OK to use them.
- IMEI or MEID: 356144087429995- Device ID: 662CDCF3D09A5AED38E08DB652EC4CC6F63B24DADB2332BC0C7CD30A9924D731
Jeff_i said:
Hi,
Here are the informations of an old device I owned but dead today. So it's OK to use them.
- IMEI or MEID:356144087429995- Device ID:662CDCF3D09A5AED38E08DB652EC4CC6F63B24DADB2332BC0C7CD30A9924D731
Click to expand...
Click to collapse
So it looks like the file indeed is named unlock.bin, i dont think anybody is renaming it from original name to unlock.bin
Was the file downloaded from LG in zipped format and you had unzipped it? OP would like to know the name of the original file received directly from LG if it was zipped and not as you have uploaded it here on the forum.
Right !
The attached file from lg was directly the unlock.bin file and I used it as is.
Any news?
Would there be any way to decode and re encode the unlock.bin file to use the IMEI and Device ID of your own phone?
Here are a few unlock files (from old G6 (and a G5)
Any updates ?
Please update on new ways to generate the unlock.bin. I've got an LG Stylus 2 Plus K530F and it's crazy impossible now that LG took down the site.
"Wrong Bootloader Unlock key" is what I get unfortunately
Hello,
I've take a look at the unlock.bin files shared here and this is what I've discovered:
1. when you upload the unlock.bin file, it must exactly be 1024 bytes, any other file size will give you back an error.
2. it's a null (00) padded file
3. the unlock file seems to always begin with this sequence of 20 bytes: 159e 8db7 d36b 2d7e 0001 0000 0002 0000 0100 0000
4. LG G6) contains 2 blocks of 256 bytes separated by 12 null bytes: 0000 0000 0000 0000 0000 0000
So the G6 structure seems to always be (in bytes):
20 (initial sequence) + 256 (first part) + 12 (null bytes) + 256 (second part) + 480 (padding)
4b. LG G5) after the same initial sequence (159e 8db7 d36b 2d7e 0001 0000 0002 0000 0100 0000) there is just one "block" of 256 bytes before the null padding.
Final thoughts:
I may guess that decrypting the file itself is impossible and probably the unlock keys must be extracted separately (could be as simple as):
$ head -c 276 unlock.bin | tail -c 256 > key1.bin
and (only on G6):
$ tail -c 736 unlock.bin | head -c 256 > key2.bin
If someone could share more binary files downloaded from the LG website (also for other devices) it may be useful to do more guessing about the way this files was built.
--EDIT 1
I found a post with a link to this repository:
lk/platform/lge_shared at master ยท jaehyek/lk
Contribute to jaehyek/lk development by creating an account on GitHub.
github.com
This made me figure how the previous models (including G5?) unlock.bin file was generated and read.
According to lge_verified_boot.c, the input structure (unlock_input_data_type) is obtained by concatenating device_id and imei taken from the phone.
All what validation (verify_image) does is comparing sha256 of it with the decoded part of unlock.bin content.
So, unlock.bin's "key1" should be obtained with: encrypt( sha256( concat( device_id, imei ) ) )
The good news is that the repository includes a "keys" folder with all the keystores used... The bad one is that I haven't found the "d2i_LGE_KEYSTORE" function that knows how to read them.
I tried again with the strategy of comparing files and discovered that there are some recurring patterns in keystores:
they seems to start with: 0x30, 0x82, 0x01
then contains some bits that identify the keystore, then:
0x30, 0x82, 0x01, 0x1f, 0x30, 0x82, 0x01, 0x1b, 0x30, 0x0b, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x30, 0x82, 0x01,
0x0a, 0x02, 0x82, 0x01, 0x01, 0x00
finally, sequence ends with: 0x02, 0x03, 0x01, 0x00, 0x01.
I will write here again if I can find the public key, in order to decode the posted unlock.bin files and to collect feedback of whom posted them without imeis and device ids.
I just may need the sha256 sums of the 2 concatenated strings.
--EDIT 2
After writing a simple C program to print the Keystore inside bl_unlock.c (BLUNLOCK_KEYSTORE variable), I obtained a binary file that can be read using:
$ openssl asn1parse -in keystore -inform DER -i
0:d=0 hl=4 l= 309 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=2 l= 13 prim: PRINTABLESTRING :UNLOCK_RSA_02
22:d=1 hl=4 l= 287 cons: SEQUENCE
26:d=2 hl=4 l= 283 cons: SEQUENCE
30:d=3 hl=2 l= 11 cons: SEQUENCE
32:d=4 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
43:d=3 hl=4 l= 266 cons: SEQUENCE
47:d=4 hl=4 l= 257 prim: INTEGER :92D5E3A2C6F311A1FD325C94415DF197BA1C2B307C1EDBB5D9ED109AB8A639F10D61F6582B367AAECBBF95A130E54754667565AA6A60AFA6ADD6F246048C839D017D21849F5AA2A08FA5DBDE0712694E7E80FC42A709CEE3A91A5B11873A079E0FB04E14001C6B5BB4A5DDF52E793A8D5DD4E177C560C7CEDFB8FCC844B6640B4813D629AB9B34CFD5081C5A5384225049FE0B62EFBF79728421360D3C874B387CE5B67891F8942DB431BEAAC7414ED52AFA283EA39EAD160DA51FD7F8393BAF6BBCA780DFAC477BFEF43C61E9431B85F70E4DB2CF7B0F7A410DB24D6F806C91A2C650897E9B90668D25B0A9174054E133B4382ADA5AEC3527D2F4CABE263917
308:d=4 hl=2 l= 3 prim: INTEGER :010001
--EDIT 3
First of all, I want to say that I've downloaded an OTA update of LG G6 and this can probably confirm that this keystore is still there:
LG-H87010f-Flashable.Bootloader.zip
extract and:
$ grep "UNLOCK_RSA_02" -R
grep: bootloader/aboot.img: Binary file matches
so I invested more time on it figuring how the keystore originated and found this source code of KeystoreSigner that produce the same DER sequence:
verity/KeystoreSigner.java - platform/system/extras - Git at Google
so I wrote a small Java program to print the public key in PEM format:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktXjosbzEaH9MlyUQV3xl7ocKzB8Htu
12e0QmrimOfENYfZYKzZ6rsu/laEw5UdUZnVlqmpgr6at1vJGBIyDnQF9IYSfWqKgj6Xb3gcSaU
5+gPxCpwnO46kaWxGHOgeeD7BOFAAca1u0pd31Lnk6jV3U4XfFYMfO37j8yES2ZAtIE9Ypq5s0z
9UIHFpThCJQSf4LYu+/eXKEITYNPIdLOHzltniR+JQttDG+qsdBTtUq+ig+o56tFg2lH9f4OTuv
a7yngN+sR3v+9Dxh6UMbhfcOTbLPew96QQ2yTW+AbJGixlCJfpuQZo0lsKkXQFThM7Q4Ktpa7DU
n0vTKviY5FwIDAQAB
-----END PUBLIC KEY-----
It is a 2048-bit RSA public key, that I'm still not able to use to read the unlock files posted yet, but I share all my work just in case anybody wants to help.
-- EDIT 4
This is how I'm trying to use all the pieces I've put together. It's working now!!!
Now we have a working method to validate unlock.bin files for older phones!!!
--EDIT 5
Updated code with the working version.
-- EDIT 6
With a big thank to @ncrt that figured how the second signature is generated we now know how to completely validate the unlock.bin of G6.
This is the final version of the Java validator:
Java:
import java.io.File;
import java.math.BigInteger;
import java.nio.file.Files;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.RSAPublicKeySpec;
class Main {
private static final int UNLOCK_BIN_SIZE = 1024;
private static final int UINT32_T_SIZE = 4;
private static final int SIGNATURE_SIZE = 512;
private static final int KEY_SIZE = 256;
private static final int EXTRA_SIZE = 492;
private static final long SECURITY_UNLOCK_MAGIC1 = 2377586078L; // 0x8DB7159E
private static final long SECURITY_UNLOCK_MAGIC2 = 763286379L; // 0x2D7ED36B
private static final long SECURITY_UNLOCK_VERSION = 1L;
private static final int IMEI_SIZE = 32;
private static final int DEVICE_ID_SIZE = 96;
// RSA_UNLOCK_02
private static final RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(
"18536265221834400955526124823946945144241534366405270883862606828214326557303158761374427696439760867810300046710668389940627901357786930619155280232713255180467267693281615312585736047834931276426122242381388755141769507773314618374615964530031495500324126445550145922318729183762394336526893965841523887301431217744349619177044755418369600023019646764547203434859153096499560007159303235140562773302106895748271986503337696246115511449909141742149128001718847058167094531480513164043443149146227140700654562659385941009377485565173992175722386093166833729231966326215327030617445434971297334403421561820089441204503"),
new BigInteger("65537"));
public static void main(String[] args) throws Exception {
String imei = "356144087429995";
String deviceId = "662CDCF3D09A5AED38E08DB652EC4CC6F63B24DADB2332BC0C7CD30A9924D731";
byte[] fileContent = Files.readAllBytes(new File("unlock.bin").toPath());
if (fileContent.length != UNLOCK_BIN_SIZE) {
System.err.println("Filecontent: " + fileContent.length + " expected: " + UNLOCK_BIN_SIZE);
return;
}
int offset = 0;
byte[] magic1 = new byte[UINT32_T_SIZE];
System.arraycopy(fileContent, offset, magic1, 0, UINT32_T_SIZE);
offset += UINT32_T_SIZE;
byte[] magic2 = new byte[UINT32_T_SIZE];
System.arraycopy(fileContent, offset, magic2, 0, UINT32_T_SIZE);
offset += UINT32_T_SIZE;
byte[] version = new byte[UINT32_T_SIZE];
System.arraycopy(fileContent, offset, version, 0, UINT32_T_SIZE);
offset += UINT32_T_SIZE;
byte[] hash_type = new byte[UINT32_T_SIZE];
System.arraycopy(fileContent, offset, hash_type, 0, UINT32_T_SIZE);
offset += UINT32_T_SIZE;
byte[] key_size = new byte[UINT32_T_SIZE];
System.arraycopy(fileContent, offset, key_size, 0, UINT32_T_SIZE);
offset += UINT32_T_SIZE;
if (deserialize_uint32(magic1) != SECURITY_UNLOCK_MAGIC1 || deserialize_uint32(magic2) != SECURITY_UNLOCK_MAGIC2
|| deserialize_uint32(version) != SECURITY_UNLOCK_VERSION) {
System.err.println("Magic numbers not found");
return;
}
byte[] signature = new byte[SIGNATURE_SIZE];
System.arraycopy(fileContent, offset, signature, 0, SIGNATURE_SIZE);
offset += SIGNATURE_SIZE;
byte[] extra = new byte[EXTRA_SIZE];
System.arraycopy(fileContent, offset, extra, 0, EXTRA_SIZE);
offset += EXTRA_SIZE;
byte[] input = new byte[DEVICE_ID_SIZE + IMEI_SIZE];
System.arraycopy(deviceId.getBytes(), 0, input, 0, deviceId.length());
System.arraycopy(imei.getBytes(), 0, input, DEVICE_ID_SIZE, imei.length());
final KeyFactory f = KeyFactory.getInstance("RSA");
final PublicKey publicKey = f.generatePublic(spec);
byte[] firstSignature = new byte[KEY_SIZE];
System.arraycopy(signature, 0, firstSignature, 0, KEY_SIZE);
Signature firstSignatureVerify = Signature.getInstance("NonewithRSA");
firstSignatureVerify.initVerify(publicKey);
firstSignatureVerify.update(MessageDigest.getInstance("SHA-256").digest(input));
boolean sigVerified = firstSignatureVerify.verify(firstSignature);
System.out.println("First signature verified: " + sigVerified);
byte[] secondSignature = new byte[KEY_SIZE];
System.arraycopy(signature, KEY_SIZE + 12, secondSignature, 0, KEY_SIZE - 12);
System.arraycopy(extra, 0, secondSignature, KEY_SIZE - 12, 12);
Signature secondSignatureVerify = Signature.getInstance("SHA256withRSA");
secondSignatureVerify.initVerify(publicKey);
secondSignatureVerify.update(input);
boolean sig2Verified = secondSignatureVerify.verify(secondSignature);
System.out.println("Second signature verified: " + sig2Verified);
}
private static long deserialize_uint32(byte[] b) {
long l = (long) b[0] & 0xFF;
l += ((long) b[1] & 0xFF) << 8;
l += ((long) b[2] & 0xFF) << 16;
l += ((long) b[3] & 0xFF) << 24;
return l;
}
}
Cheers
Francians
hope is fine to reserve more room....
RESERVED
francians said:
First of all, I want to say that I've downloaded an OTA update of LG G6 and this can probably confirm that this keystore is still there
Click to expand...
Click to collapse
is this at all helpful to you, or no?
LG Open Source
opensource.lge.com
francians said:
hope is fine to reserve more room....
RESERVED
Click to expand...
Click to collapse
How can I unlock my phone whit this little program?
francians said:
--EDIT 5
Updated code with the working version.
Cheers
How can I unlock my phone whit this little program?
Click to expand...
Click to collapse
That code demonstrates how the unlock works and cannot generate a file to unlock your phone. For G6 the puzzle is still uncompleted, but I am working on it. If there will be a method to unlock I'll write a dedicated post and give you a compiled software
Honkette1738 said:
is this at all helpful to you, or no?
LG Open Source
opensource.lge.com
Click to expand...
Click to collapse
The OTA will be helpful to reverse engineering it, since the source I've found is older
I was writing to the german CEO a while ago , he said no.
But maybe if we are more and write to Korea , we may have succses ?
Thats what he said :
Dear Mr W,
I have to pass. LG has not been selling cell phones for some time now and the developer services were discontinued at the end of 2021. Unfortunately, it is no longer possible to comply with your request.
For any inquiries, I'm willing to help.
.....
Definitely could be a good idea to ask them to share the private keys since without them it's currently impossible to write an unlock files generator. They may rise security concerns if such keys have been used for something else too.
marcus67 said:
I was writing to the german CEO a while ago , he said no.
But maybe if we are more and write to Korea , we may have succses ?
Thats what he said :
Dear Mr W,
I have to pass. LG has not been selling cell phones for some time now and the developer services were discontinued at the end of 2021. Unfortunately, it is no longer possible to comply with your request.
For any inquiries, I'm willing to help.
.....
Click to expand...
Click to collapse
francians said:
Definitely could be a good idea to ask them to share the private keys since without them it's currently impossible to write an unlock files generator.
Click to expand...
Click to collapse
could that be in engineering bootloaders, or likely not?

Categories

Resources