(Warning, loads of technical stuff ahead.)
Alright, As you might be aware of, the header for Universal nbf files is basic base64 encoding, with a little translation table added. When decoding, It starts with an internal translation table, of which it creates the reverse, and applies that reversed table to the header (which is a fixed 172-byte string). After the translation, the header is basically Base64 decoded, and there we are with the RAW-header data.
You can view any of this with either bal666's tool, or in my case my own written console-dump tool.
However, recently while exploring the different new ROMs, I found that the new dutch T-Mobile ROM had something I hadn't seen before: a new bootloader. To my suprise the header was all scrambled, yet some characters seemed OK. The other ROMs (packed in a sub-installer) where still the same, and their headers were easy to decode.
I decided to investigate, and while debugging the upgrader utility I found that in the RUU.dll packed with the bootloader, a different translation table was used! It appears that the normal ROMs are encoded in the old fashion, using the old RUU.dll (ver. 2.12.0.0), while the new bootloader ROM is encoded with a new key, using a new RUU.dll (ver. 2.20.3.0).
Because I thought this might be of use to others, I decided to share this with you guys
So here goes. First the OLD translation table:
Old translation table said:
unsigned char pTransTable[]={
0x79, 0x7A, 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A,
0x61, 0x62, 0x63, 0x64, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 0x6F, 0x70,
0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C,
0x6D, 0x6E, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x31, 0x30, 0x2B, 0x2F
};
Click to expand...
Click to collapse
And then the NEW translation table:
New translation table said:
unsigned char pTransTable[]={
0x79, 0x7A, 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A,
0x61, 0x62, 0x63, 0x64, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x6F, 0x70,
0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C,
0x6D, 0x6E, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 0x31, 0x30, 0x2B, 0x2F
Click to expand...
Click to collapse
I highlighted the changes for more comfortable reading
Mind you, these are the encoding tables. For decoding the header, you'll need to reverse them.
Related
Hi,
I'm trying to call SetWindowsHookEx to handle keyboard hooks using the following line:
Code:
SetWindowsHookEx(WH_KEYBOARD_LL, KHook, AfxGetInstanceHandle() , NULL);
But the compiler does not recognize WH_KEYBOARD_LL and SetWindowsHookEx and I can't get the right header file and library file to satisfy him.
I searched all the header files and found no instance of the hook type or the function.
The function itself appreas to be in coredll.lib, but adding it to the link made no diffarence and it still break.
Can anyone help me out here? :shock:
SetWindowsHookEx is not documented but does appear to work. I used the normal Win32 documentation (Visual C++ 6).
declarations for Pocket PC:
Code:
#ifndef WH_KEYBOARD_LL
// These definitions are found in pwinuser.h in Platform Builder
#define WH_KEYBOARD_LL 20
extern "C" {
typedef LRESULT (CALLBACK* HOOKPROC)(int code, WPARAM wParam, LPARAM lParam);
typedef struct tagKBDLLHOOKSTRUCT
{
DWORD vkCode; // virtual key code
DWORD scanCode; // scan code DWORD flags; // flags
DWORD flags; // unused
DWORD time; // time stamp for this message
DWORD dwExtraInfo; // extra info from the driver or keybd_event
}
KBDLLHOOKSTRUCT, *PKBDLLHOOKSTRUCT;
HHOOK
WINAPI
SetWindowsHookExW(
int idHook,
HOOKPROC lpfn,
HINSTANCE hmod,
DWORD dwThreadId);
#define SetWindowsHookEx SetWindowsHookExW
BOOL
WINAPI
UnhookWindowsHookEx(
HHOOK hhk);
LRESULT
WINAPI
CallNextHookEx(
HHOOK hhk,
int nCode,
WPARAM wParam,
LPARAM lParam);
}
#endif
Hi there,
I begin to learn RIL functions (i work i-mate sp3i).
I'm stuck with RIL_Initialize returning a NULL handle .... ??? :?
Hvoid RilResultCallback(
DWORD dwCode, // @parm result code
HRESULT hrCmdID, // @parm ID returned by the command that originated>
const void* lpData, // @parm data associated with the notification
DWORD cbData, // @parm size of the strcuture pointed to lpData
DWORD dwParam // @parm parameter passed to <f RIL_Initialize>
)
{
}
void RilNotifyCallback(
DWORD dwCode, // @parm notification code
const void* lpData, // @parm data associated with the notification
DWORD cbData, // @parm size of the strcuture pointed to lpData
DWORD dwParam // @parm parameter passed to <f RIL_Initialize>
)
{
}
void fn()
{
HRIL hRil;
RIL_Initialize(1, RilResultCallback, RilNotifyCallback,
0, 0, &hRil);
if(hRil == NULL)
{
AfxMessageBox(L"hRil == NULL");
}else AfxMessageBox(L"hRil != NULL");
}
I don't understand what the problem is???
Thanks for any help.
what is the result code?
rc= RIL_Initialize( ... )
willem
if i understand you the question right, the result is:
rc=RIL_Initialize(1, RilResultCallback, RilNotifyCallback,
0, 0, &hRil);
hRil==0 , rc == 8........
tstril -- Answers too
8 is a very strange result value for RIL_Initialize.
the only possible answers i see are:
0x80070057 for invalid parameter
0x8007000E or 0x80004005 or 1
... ah, when you specify a notifyproc, you do have to specify some notificationclasses to go with it. .. the 4th param should not be 0 when notifyproc !=NULL
willem
I a beginner if am possible on more in detail,
and the full answer 0x80004005
thankful in advance
maybe your phone is in flightmode?
.. this error means ril did not initialize properly.
willem
Thanks all. I have understood. The certificate is necessary.
Hi,
I have 2 HTC Tornado (T-Mobile SDA) smartphone and Visual Studio 2005. I want to connect them over a GSM data connection. For this risen, I write a little class "myTAPI".
If I use the "LINEMEDIAMODE_INTERACTIVEVOICE" media mode, I can dial and answer speech calls. But if I change the mode to "LINEMEDIAMODE_DATAMODEM", something go wrong. If call the second smartphone with my application, I see for a half second 2 arrows in the right left corner. "lineGetLineDevStatus" returns one active call, for the moment. But I can't get the call over "lineGetMessage" . So I have no hCall Handle.
If I call to PSTN, my phone ring. If I answer by hand, I hear a modem tone.
Program calling phone
Code:
TAPIDev.getMessage();
TAPIDev.getMessage();
TAPIDev.getMessage();
TAPIDev.dial(CString("01716597462"), LINEMEDIAMODE_DATAMODEM);//01716597462
TAPIDev.getMessage();
TAPIDev.getMessage();
TAPIDev.getMessage();
TAPIDev.getMessage();
//TAPIDev.openSerial();
TAPIDev.getStatus();
TAPIDev.getMessage();
TAPIDev.getStatus();
Sleep(5000);
Program waiting phone
Code:
for(i = 0; i < 60; ++i){
TAPIDev.getStatus();
TAPIDev.getMessage();
}
Can someone help me?
Or have someone sample code, that works on tornado.
My sourcecode:
- mytapi: my TAPI class
- open: open the connection
- dial: dial an number
- getMessage: lineGetMessage and answer if possible a call
- getStatus: lineGetLineDevStatus - output for debugging
Thanks
Thomas
answering a GSM datacall not work
Hi,
I implement the same program ( connecting two gsm phones over a gsm data channel) with RIL instance of TAPI. But I have the same problem. The calling smartphone works, but den second smartphone not answer. I only see 2 small arrows in the right left corner for a second.
In an other forum, I read, I have to kill "cprog.exe" but the result is the same.
It down work!
Have somebody a idea?
my code for the calling phone
Code:
HRESULT result;
DWORD dwNotificationClasses = 0xFF0000;
HRIL g_hRIL = 0;
DWORD pdwVersion;
result = RIL_Initialize(1, ResultCallback, NotifyCallback, dwNotificationClasses, g_dwParam, &g_hRIL);
TRACE(TEXT("RIL_Initialize: 0x%0X \n"), result);
result = RIL_GetDriverVersion(
g_hRIL, // @parm handle to RIL instance returned by <f RIL_Initialize>
&pdwVersion // @parm pointer to version. HIWORD is major version, LOWORD is minor version
);
TRACE(TEXT("RIL_GetDriverVersion 0x%0X \n"), pdwVersion);
result = RIL_Dial(
g_hRIL,
"123",
RIL_CALLTYPE_DATA, // @parm type of the call to establish (<def RIL_CALLTYPE_> constant)
RIL_DIALOPT_NONE // @parm dialing options (any combination of <def RIL_DIALOPT_> constants)
);
TRACE(TEXT("RIL_Dial: %d\n"), result);
Sleep(30000);
result = RIL_Hangup(
g_hRIL // @parm handle to RIL instance returned by <f RIL_Initialize>
);
TRACE(TEXT("RIL_Hangup: 0x%0X \n"), result);
Sleep(20000);
result = RIL_Deinitialize(g_hRIL);
TRACE(TEXT("RIL_Deinitialize: 0x%0X \n"), result);
my code for the answering phone:
Code:
HRESULT result;
DWORD dwNotificationClasses = 0xFF0000;
HRIL g_hRIL = 0;
DWORD pdwVersion;
result = RIL_Initialize(1, ResultCallback, NotifyCallback, dwNotificationClasses, g_dwParam, &g_hRIL);
TRACE(TEXT("RIL_Initialize: 0x%0X \n"), result);
result = RIL_GetDriverVersion(
g_hRIL, // @parm handle to RIL instance returned by <f RIL_Initialize>
&pdwVersion // @parm pointer to version. HIWORD is major version, LOWORD is minor version
);
TRACE(TEXT("RIL_GetDriverVersion 0x%0X \n"), pdwVersion);
Sleep(20000);
result = RIL_Answer( g_hRIL );
TRACE(TEXT("RIL_Answer: 0x%0X \n"), result);
Sleep(20000);
result = RIL_Deinitialize(g_hRIL);
TRACE(TEXT("RIL_Deinitialize: 0x%0X \n"), result);
my output for the calling phone:
Load module: myRIL.exe
Load module: shellres.dll
Load module: shutil.dll
Load module: commctrl.dll
Load module: aygshell.dll
Load module: tshres.dll.0407.mui
Load module: tshres.dll
Load module: oleaut32.dll
Load module: ole32.dll
Load module: ossvcs.dll
Load module: ril.dll
Load module: coredll.dll
RIL_Initialize: 0x0
RIL_GetDriverVersion 0x10000
NotifyCallbackRIL_Dial: 468
notify: dwCode=0x800002 lpData=303BFE88, cbData=4
NotifyCallbacknotify: dwCode=0x400005 lpData=303BFD90, cbData=32
NotifyCallbacknotify: dwCode=0x400005 lpData=303BFD90, cbData=32
NotifyCallbacknotify: dwCode=0x400005 lpData=303BFD90, cbData=32
NotifyCallbacknotify: dwCode=0x400005 lpData=303BFD90, cbData=32
NotifyCallbacknotify: dwCode=0x400005 lpData=303BFD90, cbData=32
ResultCallbackresult: dwCode=5, hrCmdID=468 lpData=00000000, cbData=0
NotifyCallbacknotify: dwCode=0x400005 lpData=303BFD90, cbData=32
NotifyCallbacknotify: dwCode=0x400005 lpData=303BFD90, cbData=32
RIL_Hangup: 0x1D5
NotifyCallbacknotify: dwCode=0x10005 lpData=00000000, cbData=0
ResultCallbackresult: dwCode=1, hrCmdID=469 lpData=00000000, cbData=0
The thread 0x2d266852 has exited with code 0 (0x0).
RIL_Deinitialize: 0x0
Load module: t9ime.dll
Click to expand...
Click to collapse
my output for the answering phone:
Load module: myRIL.exe
Load module: shellres.dll
Load module: shutil.dll
Load module: commctrl.dll
Load module: aygshell.dll
Load module: tshres.dll.0407.mui
Load module: tshres.dll
Load module: oleaut32.dll
Load module: ole32.dll
Load module: ossvcs.dll
Load module: ril.dll
Load module: coredll.dll
RIL_Initialize: 0x0
RIL_GetDriverVersion 0x10000
NotifyCallbacknotify: dwCode=0x800002 lpData=2E3BFE88, cbData=4
NotifyCallbacknotify: dwCode=0x400005 lpData=2E3BFD90, cbData=32
NotifyCallbacknotify: dwCode=0x10001 lpData=2E3BFD90, cbData=32
NotifyCallbacknotify: dwCode=0x80001 lpData=00292810, cbData=1576
NotifyCallbacknotify: dwCode=0x10005 lpData=00000000, cbData=0
NotifyCallbacknotify: dwCode=0x400005 lpData=2E3BFD90, cbData=32
RIL_Answer: 0x7E
ResultCallbackresult: dwCode=3, hrCmdID=126 lpData=2E3BFD90, cbData=4
NotifyCallbacknotify: dwCode=0x400005 lpData=2E3BFD90, cbData=32
NotifyCallbacknotify: dwCode=0x400005 lpData=2E3BFD90, cbData=32
NotifyCallbacknotify: dwCode=0x400005 lpData=2E3BFD90, cbData=32
The thread 0xccf055b6 has exited with code 0 (0x0).
RIL_Deinitialize: 0x0
Load module: t9ime.dll
Unload module: ril.dll
Click to expand...
Click to collapse
Thanks for help
Thomas
signing
the registry hack don't work but signing the programm do it
I use two Dopod 900 to test my data call program,
when I register to PSTN and make first data call by my program, it failed...
but after dial video phone by default dialer, I can make a data call and transfer data through ReadFile/WriteFile, does somebody know about that?
i have the same problem when using TAPI on WM 2003
dose any one of you know why this could happen ??
i drop the cprog.exe with the function kill_cprog
void kill_cprog()
{
HANDLE Proc, ProcTree;
PROCESSENTRY32 pe;
BOOL ret_val;
/* Get processes tree */
ProcTree = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
pe.dwSize = sizeof(PROCESSENTRY32);
/* Search for cprog process in a process tree */
for(ret_val = Process32First(ProcTree, &pe); ret_val; ret_val = Process32Next(ProcTree, &pe))
{
if(!wcsicmp(TEXT("cprog.exe"),pe.szExeFile))
{
/* Terminate cprog */
Proc = OpenProcess(0, 0, pe.th32ProcessID);
TerminateProcess(Proc, 0);
CloseHandle(Proc);
break;
}
}
CloseToolhelp32Snapshot(ProcTree);
}
and open the line on this mode
nRetCode = ::lineOpen(m_LineHandle, i, &m_hLine, TAPI_API_HIGH_VERSION,0, (DWORD)m_hWnd, LINECALLPRIVILEGE_OWNER , LINEMEDIAMODE_DATAMODEM , CallParams);
i used the callback
nRetCode = lineInitializeEx( &m_LineHandle, 0, (LINECALLBACK)lineCallbackFunc, (LPCWSTR)"MSM TAPI", &m_dwLines, &MaxTAPIVersion, Params );
and i cant get any callback while in create a call
please help me with this cuz it's make me so confusion
ittaym said:
dose any one of you know why this could happen ??
i drop the cprog.exe with the function kill_cprog
void kill_cprog()
{
HANDLE Proc, ProcTree;
PROCESSENTRY32 pe;
BOOL ret_val;
/* Get processes tree */
ProcTree = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
pe.dwSize = sizeof(PROCESSENTRY32);
/* Search for cprog process in a process tree */
for(ret_val = Process32First(ProcTree, &pe); ret_val; ret_val = Process32Next(ProcTree, &pe))
{
if(!wcsicmp(TEXT("cprog.exe"),pe.szExeFile))
{
/* Terminate cprog */
Proc = OpenProcess(0, 0, pe.th32ProcessID);
TerminateProcess(Proc, 0);
CloseHandle(Proc);
break;
}
}
CloseToolhelp32Snapshot(ProcTree);
}
and open the line on this mode
nRetCode = ::lineOpen(m_LineHandle, i, &m_hLine, TAPI_API_HIGH_VERSION,0, (DWORD)m_hWnd, LINECALLPRIVILEGE_OWNER , LINEMEDIAMODE_DATAMODEM , CallParams);
i used the callback
nRetCode = lineInitializeEx( &m_LineHandle, 0, (LINECALLBACK)lineCallbackFunc, (LPCWSTR)"MSM TAPI", &m_dwLines, &MaxTAPIVersion, Params );
and i cant get any callback while in create a call
please help me with this cuz it's make me so confusion
Click to expand...
Click to collapse
maybe you can use RIL to receive RIL_NOTIFY_DATASVCNEGOTIATED and RIL_NOTIFY_CONNECT .
just a thought, but isn't a data subscrription/number required to receive data calls, like e.g. fax?
Eelco
I want to developer RSS FEED reader for android. I am following this tutorial : http://www.ibm.com/developerworks/xml/tutorials/x-androidrss/downloads.html
I am not getting any error in the program but not getting desired output
**This is my logcat:**
Code:
07-20 16:12:23.531: ERROR/Zygote(33): setreuid() failed. errno: 2
07-20 16:12:35.101: ERROR/Zygote(33): setreuid() failed. errno: 17
07-20 16:12:37.031: ERROR/BatteryService(59): usbOnlinePath not found
07-20 16:12:37.031: ERROR/BatteryService(59): batteryVoltagePath not found
07-20 16:12:37.031: ERROR/BatteryService(59): batteryTemperaturePath not found
07-20 16:12:37.061: ERROR/SurfaceFlinger(59): Couldn't open /sys/power/wait_for_fb_sleep or /sys/power/wait_for_fb_wake
07-20 16:12:47.381: ERROR/EventHub(59): could not get driver version for /dev/input/mouse0, Not a typewriter
07-20 16:12:47.412: ERROR/EventHub(59): could not get driver version for /dev/input/mice, Not a typewriter
07-20 16:12:47.812: ERROR/System(59): Failure starting core service
07-20 16:12:47.812: ERROR/System(59): java.lang.SecurityException
07-20 16:12:47.812: ERROR/System(59): at android.os.BinderProxy.transact(Native Method)
07-20 16:12:47.812: ERROR/System(59): at android.os.ServiceManagerProxy.addService(ServiceManagerNative.java:146)
07-20 16:12:47.812: ERROR/System(59): at android.os.ServiceManager.addService(ServiceManager.java:72)
07-20 16:12:47.812: ERROR/System(59): at com.android.server.ServerThread.run(SystemServer.java:184)
07-20 16:12:49.591: ERROR/SoundPool(59): error loading /system/media/audio/ui/Effect_Tick.ogg
07-20 16:12:49.591: ERROR/SoundPool(59): error loading /system/media/audio/ui/KeypressStandard.ogg
07-20 16:12:49.602: ERROR/SoundPool(59): error loading /system/media/audio/ui/KeypressSpacebar.ogg
07-20 16:12:49.612: ERROR/SoundPool(59): error loading /system/media/audio/ui/KeypressDelete.ogg
07-20 16:12:49.622: ERROR/SoundPool(59): error loading /system/media/audio/ui/KeypressReturn.ogg
07-20 16:12:52.672: ERROR/ThrottleService(59): Could not open GPS configuration file /etc/gps.conf
07-20 16:12:54.551: ERROR/logwrapper(145): executing /system/bin/tc failed: No such file or directory
07-20 16:12:54.691: ERROR/logwrapper(147): executing /system/bin/tc failed: No such file or directory
07-20 16:12:54.781: ERROR/logwrapper(149): executing /system/bin/tc failed: No such file or directory
07-20 16:13:17.789: ERROR/HierarchicalStateMachine(59): TetherMaster - unhandledMessage: msg.what=3
07-20 16:13:38.669: INFO/ActivityManager(59): Start proc com.svox.pico for broadcast com.svox.pico/.VoiceDataInstallerReceiver: pid=268 uid=10028 gids={}
07-20 16:13:38.689: WARN/RecognitionManagerService(59): no available voice recognition services found
07-20 16:13:39.370: DEBUG/dalvikvm(59): GC_EXPLICIT freed 9347 objects / 593752 bytes in 302ms
07-20 16:13:39.590: DEBUG/dalvikvm(165): GC_EXPLICIT freed 2883 objects / 156272 bytes in 1275ms
07-20 16:13:39.659: INFO/installd(35): unlink /data/dalvik-cache/[email protected]@[email protected]
07-20 16:13:39.782: DEBUG/AndroidRuntime(118): Shutting down VM
07-20 16:13:39.789: DEBUG/jdwp(118): adbd disconnected
07-20 16:13:39.809: INFO/AndroidRuntime(118): NOTE: attach of thread 'Binder Thread #3' failed
07-20 16:13:39.879: INFO/ActivityThread(268): Publishing provider com.svox.pico.providers.SettingsProvider: com.svox.pico.providers.SettingsProvider
07-20 16:13:40.131: DEBUG/KeyguardViewMediator(59): pokeWakelock(5000)
07-20 16:13:40.429: DEBUG/KeyguardViewMediator(59): pokeWakelock(5000)
07-20 16:13:40.511: DEBUG/AndroidRuntime(278): >>>>>>>>>>>>>> AndroidRuntime START <<<<<<<<<<<<<<
07-20 16:13:40.511: DEBUG/AndroidRuntime(278): CheckJNI is ON
07-20 16:13:41.740: INFO/ActivityManager(59): Displayed activity com.android.launcher/com.android.launcher2.Launcher: 50234 ms (total 50234 ms)
07-20 16:13:42.340: DEBUG/AndroidRuntime(278): --- registering native functions ---
07-20 16:13:43.790: INFO/ActivityManager(59): Starting activity: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10000000 cmp=com.msi.androidrss/.ShowDescription }
07-20 16:13:43.890: DEBUG/AndroidRuntime(278): Shutting down VM
07-20 16:13:43.910: DEBUG/jdwp(278): adbd disconnected
07-20 16:13:43.960: INFO/AndroidRuntime(278): NOTE: attach of thread 'Binder Thread #3' failed
07-20 16:13:44.099: INFO/ActivityManager(59): Start proc com.msi.androidrss for activity com.msi.androidrss/.ShowDescription: pid=286 uid=10042 gids={1015}
07-20 16:13:45.939: INFO/ARMAssembler(59): generated scanline__00000077:03545404_00000004_00000000 [ 47 ipp] (67 ins) at [0x2ff7e0:0x2ff8ec] in 7962326 ns
07-20 16:13:46.670: INFO/ActivityManager(59): Displayed activity com.msi.androidrss/.ShowDescription: 2691 ms (total 2691 ms)
**This is my manifest.xml**
Code:
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.msi.androidrss"
android:versionCode="1"
android:versionName="1.0">
<application android:icon="@drawable/icon" android:label="@string/app_name">
<activity android:name=".RSSReader"
android:label="@string/app_name">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
<uses-permission android:name="android.permission.INTERNET"></uses-permission>
</intent-filter>
</activity>
</application>
</manifest>
**This is one of my .java program "RSSReader.java"**
Code:
package com.msi.androidrss;
import android.app.Activity;
import android.os.Bundle;
import android.view.*;
import android.widget.TextView;
import android.widget.ListView;
import android.widget.AdapterView;
import android.widget.ArrayAdapter;
import android.widget.AdapterView.OnItemClickListener;
import android.util.Log;
import java.net.URL;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
import android.content.Intent;
import com.msi.androidrss.ShowDescription;
public class RSSReader extends Activity implements OnItemClickListener
{
public final String RSSFEEDOFCHOICE = "http://www.ibm.com/developerworks/views/rss/customrssatom.jsp?zone_by=XML&zone_by=Java&zone_by=Rational&zone_by=Linux&zone_by=Open+source&zone_by=WebSphere&type_by=Tutorials&search_by=&day=1&month=06&year=2007&max_entries=20&feed_by=rss&isGUI=true&Submit.x=48&Submit.y=14";
private static final int SELECT = 0;
private static final int REFRESH = 1;
public final String tag = "RSSReader";
private RSSFeed feed = null;
/** Called when the activity is first created. */
public void onCreate(Bundle icicle) {
super.onCreate(icicle);
setContentView(R.layout.main);
// go get our feed!
feed = getFeed(RSSFEEDOFCHOICE);
// display UI
UpdateDisplay();
}
private RSSFeed getFeed(String urlToRssFeed)
{
try
{
// setup the url
URL url = new URL(urlToRssFeed);
// create the factory
SAXParserFactory factory = SAXParserFactory.newInstance();
// create a parser
SAXParser parser = factory.newSAXParser();
// create the reader (scanner)
XMLReader xmlreader = parser.getXMLReader();
// instantiate our handler
RSSHandler theRssHandler = new RSSHandler();
// assign our handler
xmlreader.setContentHandler(theRssHandler);
// get our data via the url class
InputSource is = new InputSource(url.openStream());
// perform the synchronous parse
xmlreader.parse(is);
// get the results - should be a fully populated RSSFeed instance, or null on error
return theRssHandler.getFeed();
}
catch (Exception ee)
{
// if we have a problem, simply return null
return null;
}
}
public boolean onCreateOptionsMenu(Menu menu)
{
super.onCreateOptionsMenu(menu);
menu.add(0, RSSReader.SELECT, 0, "Choose RSS Feed").setIcon(android.R.drawable.ic_menu_mapmode);
//menu.add(0,0,"Choose RSS Feed");
//menu.add(0,1,"Refresh");
menu.add(0, RSSReader.REFRESH, 0, "Refresh").setIcon(android.R.drawable.ic_menu_mapmode);
Log.i(tag,"onCreateOptionsMenu");
return true;
}
@Override
public boolean onMenuItemSelected(final int featureId, final MenuItem item) {
switch (item.getItemId()) {
case RSSReader.SELECT:
Log.i(tag,"Set RSS Feed");
return true;
case RSSReader.REFRESH:
Log.i(tag,"Refreshing RSS Feed");
return true;
}
return false;
}
private void UpdateDisplay()
{
TextView feedtitle = (TextView) findViewById(R.id.feedtitle);
TextView feedpubdate = (TextView) findViewById(R.id.feedpubdate);
ListView itemlist = (ListView) findViewById(R.id.itemlist);
if (feed == null)
{
feedtitle.setText("No RSS Feed Available");
return;
}
feedtitle.setText(feed.getTitle());
feedpubdate.setText(feed.getPubDate());
ArrayAdapter<RSSItem> adapter = new ArrayAdapter<RSSItem>(this,android.R.layout.simple_list_item_1,feed.getAllItems());
itemlist.setAdapter(adapter);
itemlist.setOnItemClickListener(this);
itemlist.setSelection(0);
}
public void onItemClick(AdapterView<?> parent, View v, int position, long id)
{
Log.i(tag,"item clicked! [" + feed.getItem(position).getTitle() + "]");
Intent itemintent = new Intent(this,ShowDescription.class);
Bundle b = new Bundle();
b.putString("title", feed.getItem(position).getTitle());
b.putString("description", feed.getItem(position).getDescription());
b.putString("link", feed.getItem(position).getLink());
b.putString("pubdate", feed.getItem(position).getPubDate());
itemintent.putExtra("android.intent.extra.INTENT", b);
startActivity(itemintent);
}
}
**This is one of my .java program "ShowDescription.java"**
Code:
package com.msi.androidrss;
import android.app.Activity;
import android.os.Bundle;
import android.widget.Button;
import android.widget.TextView;
import android.content.Intent;
import android.view.*;
public class ShowDescription extends Activity
{
public void onCreate(Bundle icicle)
{
super.onCreate(icicle);
setContentView(R.layout.showdescription);
String theStory = null;
Intent startingIntent = getIntent();
if (startingIntent != null)
{
Bundle b = startingIntent.getBundleExtra("android.intent.extra.INTENT");
if (b == null)
{
theStory = "bad bundle?";
}
else
{
theStory = b.getString("title") + "\n\n" + b.getString("pubdate") + "\n\n" + b.getString("description").replace('\n',' ') + "\n\nMore information:\n" + b.getString("link");
}
}
else
{
theStory = "Information Not Found.";
}
TextView db= (TextView) findViewById(R.id.storybox);
db.setText(theStory);
Button backbutton = (Button) findViewById(R.id.back);
backbutton.setOnClickListener(new Button.OnClickListener()
{
public void onClick(View v)
{
finish();
}
});
}
}
**As an output I am getting "*"NO RSS FEED AVAILABLE"*", why ?**
**HELP!!!**
I found the IBM tutorial very hard to follow, I eventually read RSS through a simpler way. Here is a link to the tutorial I wrote after:
http://droidapp.co.uk/?p=166
eatmold said:
I found the IBM tutorial very hard to follow, I eventually read RSS through a simpler way. Here is a link to the tutorial I wrote after:
http://droidapp.co.uk/?p=166
Click to expand...
Click to collapse
Thanks, could you plz upload the full source code ?
Does it support images and clickable feed so that clicking any feed directs the user to the website ?
I will upload the full source of my app today.
It will read any section of the xml so if there are images you will be able to extract the URL and use it in your app. It does support clickable feed also, just by extracting the post URL again.
The app I made is for an audio podcast.
Here you go... hope it helps
http://dl.dropbox.com/u/6876950/EppyGibbonPodcast.zip
help
hello tony,
first thank you for the source code.
I tried running your source code but I am getting these error messages:
Code:
Description Resource Path Location Type
Project 'EppyGibbonPodcast' is missing required library: 'C:\Users\Tony.DZNT\AndroidDev\android-sdk-windows\extras\android\compatibility\v4\android-support-v4.jar' EppyGibbonPodcast Build path Build Path Problem
The project cannot be built until build path errors are resolved EppyGibbonPodcast Unknown Java Problem
Attribute minSdkVersion (4) is lower than the project target API level (10) AndroidManifest.xml /EppyGibbonPodcast line 1 Android ADT Problem
This is the version of my eclipse:
Code:
Eclipse IDE for Java Developers
Version: Helios Service Release 2
Build id: 20110218-0911
I am using 2.2 but I can see you created this code for 2.3. I do have API installed for 3.0 and 3.1 etc so I should be at-least able to run the program on virtual mobile (on PC thru eclipse) but getting the above error msgs.
Please Help.
I just found the file "android-support-v4.jar" in this location:
D:\Android\AndroidSDK\android-sdk-windows\extras\android\compatibility\v4
now how and where I can link this path ?
eatmold said:
I found the IBM tutorial very hard to follow, I eventually read RSS through a simpler way. Here is a link to the tutorial I wrote after:
http://droidapp.co.uk/?p=166
Click to expand...
Click to collapse
very clean and precise. i really like well compartmentalized code
iamsuper123 said:
I just found the file "android-support-v4.jar" in this location:
D:\Android\AndroidSDK\android-sdk-windows\extras\android\compatibility\v4
now how and where I can link this path ?
Click to expand...
Click to collapse
Sorry, I must have left that in from when I was playing with Fragments, it's not needed. You can remove it from the build path. Right click the project, properties, then find and remove from build path.
Hi tony,
I did try to remove it and now I am getting these errors:
Code:
Description Resource Path Location Type
FragmentActivity cannot be resolved to a type podcast.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 14 Java Problem
FragmentActivity cannot be resolved to a type podcast.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 19 Java Problem
The import android.support cannot be resolved podcast.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 8 Java Problem
The method findViewById(int) is undefined for the type podcast podcast.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 24 Java Problem
The method findViewById(int) is undefined for the type podcast podcast.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 27 Java Problem
The method findViewById(int) is undefined for the type podcast podcast.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 30 Java Problem
The method getIntent() is undefined for the type podcast podcast.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 32 Java Problem
The method onCreate(Bundle) of type podcast must override a superclass method podcast.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 17 Java Problem
The method setContentView(int) is undefined for the type podcast podcast.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 21 Java Problem
The method startActivity(Intent) is undefined for the type new View.OnClickListener(){} podcast.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 57 Java Problem
The method startActivity(Intent) is undefined for the type new View.OnClickListener(){} podcast.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 67 Java Problem
AdapterView is a raw type. References to generic type AdapterView<T> should be parameterized main.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 50 Java Problem
Attribute minSdkVersion (4) is lower than the project target API level (10) AndroidManifest.xml /EppyGibbonPodcast line 1 Android ADT Problem
The import com.owentech.eppygibbonpodcast.R is never used arrays.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 3 Java Problem
I would deeply appreciate if you could upload a fresh copy of source code without this fragment file / issue.
thank you
OK. I'll upload again tomorrow.
thanks i will keep an eye on your site and here
I have re-uploaded the source, now without the Fragment compatability.
http://dl.dropbox.com/u/6876950/EppyGibbonPodcast.zip
Let me know if you have any problems, but this should run fine now.
Tony
thank you very much tony
it does work now.
I just get these warnings:
Code:
Description Resource Path Location Type
AdapterView is a raw type. References to generic type AdapterView<T> should be parameterized main.java /EppyGibbonPodcast/src/com/owentech/eppygibbonpodcast line 50 Java Problem
AdapterView is a raw type. References to generic type AdapterView<T> should be parameterized rsstest.java /rsstest/src/com/owentech/eppygibbonpodcast line 50 Java Problem
Attribute minSdkVersion (4) is lower than the project target API level (10) AndroidManifest.xml /EppyGibbonPodcast line 1 Android ADT Problem
I tested the code and I think it only works for the RSS FEED that you added in the code.
I tried other rss feed like "http://rss.news.yahoo.com/rss/mostviewed" mentioned on your website (in comments) and few other rss feeds but nothing seems to be working.
(thanks once for all the help)
I wouldn't worry about those warnings.
The app I have uploaded is specifically for the Epileptic Gibbon Podcast, which is a wordpress site.
The code should just need slight changes to match the rss feed you want to use. I suggest you download the rss xml for Epileptic Gibbon and the rss xml for Yahoo and compare the differences.
really great code.
Thanks.
I could really use some help.
I would like to use this app to pull feeds for this site.
http://las-vegas-drunk-driving-attorney.com/
But have no idea how to add this to eclipse and then turn it in to an app.
Could someone help out with the steps to take?
Thank.
I am trying to check whether LG are still publicly hosting G6 bootloader unlock files online. I know you probably think but wait, we know they don't. That may not be the case.
The server may still be publicly hosting the files which device owners need to unlock their bootloaders, by reverse engineering the cached page data from the internet archives I have extracted a download link from the page.
Code:
"https://developer.lge.com/resource/mobile/common/file/DownloadFile.dev" + "?fileId=" + encodeURIComponent( json.fileId ) ;
Which appears to be missing the encoded file name. If we could get enough file names and they are indeed still publicly hosted online, we could possibly download our bootloader unlock files directly from source if we can establish a pattern in the data.
I am guessing that these file names will be in someway related to the device identifier. It's a long shot but I am willing to check it out, please help by posting the file name of the archive you extracted your unlock.bin file from this is possibly a ZIP archive you downloaded from LG website to unlock your bootloader and the file name of unlock.bin if different from unlock.bin.
Hi,
Here are the informations of an old device I owned but dead today. So it's OK to use them.
- IMEI or MEID: 356144087429995- Device ID: 662CDCF3D09A5AED38E08DB652EC4CC6F63B24DADB2332BC0C7CD30A9924D731
Jeff_i said:
Hi,
Here are the informations of an old device I owned but dead today. So it's OK to use them.
- IMEI or MEID:356144087429995- Device ID:662CDCF3D09A5AED38E08DB652EC4CC6F63B24DADB2332BC0C7CD30A9924D731
Click to expand...
Click to collapse
So it looks like the file indeed is named unlock.bin, i dont think anybody is renaming it from original name to unlock.bin
Was the file downloaded from LG in zipped format and you had unzipped it? OP would like to know the name of the original file received directly from LG if it was zipped and not as you have uploaded it here on the forum.
Right !
The attached file from lg was directly the unlock.bin file and I used it as is.
Any news?
Would there be any way to decode and re encode the unlock.bin file to use the IMEI and Device ID of your own phone?
Here are a few unlock files (from old G6 (and a G5)
Any updates ?
Please update on new ways to generate the unlock.bin. I've got an LG Stylus 2 Plus K530F and it's crazy impossible now that LG took down the site.
"Wrong Bootloader Unlock key" is what I get unfortunately
Hello,
I've take a look at the unlock.bin files shared here and this is what I've discovered:
1. when you upload the unlock.bin file, it must exactly be 1024 bytes, any other file size will give you back an error.
2. it's a null (00) padded file
3. the unlock file seems to always begin with this sequence of 20 bytes: 159e 8db7 d36b 2d7e 0001 0000 0002 0000 0100 0000
4. LG G6) contains 2 blocks of 256 bytes separated by 12 null bytes: 0000 0000 0000 0000 0000 0000
So the G6 structure seems to always be (in bytes):
20 (initial sequence) + 256 (first part) + 12 (null bytes) + 256 (second part) + 480 (padding)
4b. LG G5) after the same initial sequence (159e 8db7 d36b 2d7e 0001 0000 0002 0000 0100 0000) there is just one "block" of 256 bytes before the null padding.
Final thoughts:
I may guess that decrypting the file itself is impossible and probably the unlock keys must be extracted separately (could be as simple as):
$ head -c 276 unlock.bin | tail -c 256 > key1.bin
and (only on G6):
$ tail -c 736 unlock.bin | head -c 256 > key2.bin
If someone could share more binary files downloaded from the LG website (also for other devices) it may be useful to do more guessing about the way this files was built.
--EDIT 1
I found a post with a link to this repository:
lk/platform/lge_shared at master · jaehyek/lk
Contribute to jaehyek/lk development by creating an account on GitHub.
github.com
This made me figure how the previous models (including G5?) unlock.bin file was generated and read.
According to lge_verified_boot.c, the input structure (unlock_input_data_type) is obtained by concatenating device_id and imei taken from the phone.
All what validation (verify_image) does is comparing sha256 of it with the decoded part of unlock.bin content.
So, unlock.bin's "key1" should be obtained with: encrypt( sha256( concat( device_id, imei ) ) )
The good news is that the repository includes a "keys" folder with all the keystores used... The bad one is that I haven't found the "d2i_LGE_KEYSTORE" function that knows how to read them.
I tried again with the strategy of comparing files and discovered that there are some recurring patterns in keystores:
they seems to start with: 0x30, 0x82, 0x01
then contains some bits that identify the keystore, then:
0x30, 0x82, 0x01, 0x1f, 0x30, 0x82, 0x01, 0x1b, 0x30, 0x0b, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x30, 0x82, 0x01,
0x0a, 0x02, 0x82, 0x01, 0x01, 0x00
finally, sequence ends with: 0x02, 0x03, 0x01, 0x00, 0x01.
I will write here again if I can find the public key, in order to decode the posted unlock.bin files and to collect feedback of whom posted them without imeis and device ids.
I just may need the sha256 sums of the 2 concatenated strings.
--EDIT 2
After writing a simple C program to print the Keystore inside bl_unlock.c (BLUNLOCK_KEYSTORE variable), I obtained a binary file that can be read using:
$ openssl asn1parse -in keystore -inform DER -i
0:d=0 hl=4 l= 309 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=2 l= 13 prim: PRINTABLESTRING :UNLOCK_RSA_02
22:d=1 hl=4 l= 287 cons: SEQUENCE
26:d=2 hl=4 l= 283 cons: SEQUENCE
30:d=3 hl=2 l= 11 cons: SEQUENCE
32:d=4 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
43:d=3 hl=4 l= 266 cons: SEQUENCE
47:d=4 hl=4 l= 257 prim: INTEGER :92D5E3A2C6F311A1FD325C94415DF197BA1C2B307C1EDBB5D9ED109AB8A639F10D61F6582B367AAECBBF95A130E54754667565AA6A60AFA6ADD6F246048C839D017D21849F5AA2A08FA5DBDE0712694E7E80FC42A709CEE3A91A5B11873A079E0FB04E14001C6B5BB4A5DDF52E793A8D5DD4E177C560C7CEDFB8FCC844B6640B4813D629AB9B34CFD5081C5A5384225049FE0B62EFBF79728421360D3C874B387CE5B67891F8942DB431BEAAC7414ED52AFA283EA39EAD160DA51FD7F8393BAF6BBCA780DFAC477BFEF43C61E9431B85F70E4DB2CF7B0F7A410DB24D6F806C91A2C650897E9B90668D25B0A9174054E133B4382ADA5AEC3527D2F4CABE263917
308:d=4 hl=2 l= 3 prim: INTEGER :010001
--EDIT 3
First of all, I want to say that I've downloaded an OTA update of LG G6 and this can probably confirm that this keystore is still there:
LG-H87010f-Flashable.Bootloader.zip
extract and:
$ grep "UNLOCK_RSA_02" -R
grep: bootloader/aboot.img: Binary file matches
so I invested more time on it figuring how the keystore originated and found this source code of KeystoreSigner that produce the same DER sequence:
verity/KeystoreSigner.java - platform/system/extras - Git at Google
so I wrote a small Java program to print the public key in PEM format:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktXjosbzEaH9MlyUQV3xl7ocKzB8Htu
12e0QmrimOfENYfZYKzZ6rsu/laEw5UdUZnVlqmpgr6at1vJGBIyDnQF9IYSfWqKgj6Xb3gcSaU
5+gPxCpwnO46kaWxGHOgeeD7BOFAAca1u0pd31Lnk6jV3U4XfFYMfO37j8yES2ZAtIE9Ypq5s0z
9UIHFpThCJQSf4LYu+/eXKEITYNPIdLOHzltniR+JQttDG+qsdBTtUq+ig+o56tFg2lH9f4OTuv
a7yngN+sR3v+9Dxh6UMbhfcOTbLPew96QQ2yTW+AbJGixlCJfpuQZo0lsKkXQFThM7Q4Ktpa7DU
n0vTKviY5FwIDAQAB
-----END PUBLIC KEY-----
It is a 2048-bit RSA public key, that I'm still not able to use to read the unlock files posted yet, but I share all my work just in case anybody wants to help.
-- EDIT 4
This is how I'm trying to use all the pieces I've put together. It's working now!!!
Now we have a working method to validate unlock.bin files for older phones!!!
--EDIT 5
Updated code with the working version.
-- EDIT 6
With a big thank to @ncrt that figured how the second signature is generated we now know how to completely validate the unlock.bin of G6.
This is the final version of the Java validator:
Java:
import java.io.File;
import java.math.BigInteger;
import java.nio.file.Files;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.RSAPublicKeySpec;
class Main {
private static final int UNLOCK_BIN_SIZE = 1024;
private static final int UINT32_T_SIZE = 4;
private static final int SIGNATURE_SIZE = 512;
private static final int KEY_SIZE = 256;
private static final int EXTRA_SIZE = 492;
private static final long SECURITY_UNLOCK_MAGIC1 = 2377586078L; // 0x8DB7159E
private static final long SECURITY_UNLOCK_MAGIC2 = 763286379L; // 0x2D7ED36B
private static final long SECURITY_UNLOCK_VERSION = 1L;
private static final int IMEI_SIZE = 32;
private static final int DEVICE_ID_SIZE = 96;
// RSA_UNLOCK_02
private static final RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(
"18536265221834400955526124823946945144241534366405270883862606828214326557303158761374427696439760867810300046710668389940627901357786930619155280232713255180467267693281615312585736047834931276426122242381388755141769507773314618374615964530031495500324126445550145922318729183762394336526893965841523887301431217744349619177044755418369600023019646764547203434859153096499560007159303235140562773302106895748271986503337696246115511449909141742149128001718847058167094531480513164043443149146227140700654562659385941009377485565173992175722386093166833729231966326215327030617445434971297334403421561820089441204503"),
new BigInteger("65537"));
public static void main(String[] args) throws Exception {
String imei = "356144087429995";
String deviceId = "662CDCF3D09A5AED38E08DB652EC4CC6F63B24DADB2332BC0C7CD30A9924D731";
byte[] fileContent = Files.readAllBytes(new File("unlock.bin").toPath());
if (fileContent.length != UNLOCK_BIN_SIZE) {
System.err.println("Filecontent: " + fileContent.length + " expected: " + UNLOCK_BIN_SIZE);
return;
}
int offset = 0;
byte[] magic1 = new byte[UINT32_T_SIZE];
System.arraycopy(fileContent, offset, magic1, 0, UINT32_T_SIZE);
offset += UINT32_T_SIZE;
byte[] magic2 = new byte[UINT32_T_SIZE];
System.arraycopy(fileContent, offset, magic2, 0, UINT32_T_SIZE);
offset += UINT32_T_SIZE;
byte[] version = new byte[UINT32_T_SIZE];
System.arraycopy(fileContent, offset, version, 0, UINT32_T_SIZE);
offset += UINT32_T_SIZE;
byte[] hash_type = new byte[UINT32_T_SIZE];
System.arraycopy(fileContent, offset, hash_type, 0, UINT32_T_SIZE);
offset += UINT32_T_SIZE;
byte[] key_size = new byte[UINT32_T_SIZE];
System.arraycopy(fileContent, offset, key_size, 0, UINT32_T_SIZE);
offset += UINT32_T_SIZE;
if (deserialize_uint32(magic1) != SECURITY_UNLOCK_MAGIC1 || deserialize_uint32(magic2) != SECURITY_UNLOCK_MAGIC2
|| deserialize_uint32(version) != SECURITY_UNLOCK_VERSION) {
System.err.println("Magic numbers not found");
return;
}
byte[] signature = new byte[SIGNATURE_SIZE];
System.arraycopy(fileContent, offset, signature, 0, SIGNATURE_SIZE);
offset += SIGNATURE_SIZE;
byte[] extra = new byte[EXTRA_SIZE];
System.arraycopy(fileContent, offset, extra, 0, EXTRA_SIZE);
offset += EXTRA_SIZE;
byte[] input = new byte[DEVICE_ID_SIZE + IMEI_SIZE];
System.arraycopy(deviceId.getBytes(), 0, input, 0, deviceId.length());
System.arraycopy(imei.getBytes(), 0, input, DEVICE_ID_SIZE, imei.length());
final KeyFactory f = KeyFactory.getInstance("RSA");
final PublicKey publicKey = f.generatePublic(spec);
byte[] firstSignature = new byte[KEY_SIZE];
System.arraycopy(signature, 0, firstSignature, 0, KEY_SIZE);
Signature firstSignatureVerify = Signature.getInstance("NonewithRSA");
firstSignatureVerify.initVerify(publicKey);
firstSignatureVerify.update(MessageDigest.getInstance("SHA-256").digest(input));
boolean sigVerified = firstSignatureVerify.verify(firstSignature);
System.out.println("First signature verified: " + sigVerified);
byte[] secondSignature = new byte[KEY_SIZE];
System.arraycopy(signature, KEY_SIZE + 12, secondSignature, 0, KEY_SIZE - 12);
System.arraycopy(extra, 0, secondSignature, KEY_SIZE - 12, 12);
Signature secondSignatureVerify = Signature.getInstance("SHA256withRSA");
secondSignatureVerify.initVerify(publicKey);
secondSignatureVerify.update(input);
boolean sig2Verified = secondSignatureVerify.verify(secondSignature);
System.out.println("Second signature verified: " + sig2Verified);
}
private static long deserialize_uint32(byte[] b) {
long l = (long) b[0] & 0xFF;
l += ((long) b[1] & 0xFF) << 8;
l += ((long) b[2] & 0xFF) << 16;
l += ((long) b[3] & 0xFF) << 24;
return l;
}
}
Cheers
Francians
hope is fine to reserve more room....
RESERVED
francians said:
First of all, I want to say that I've downloaded an OTA update of LG G6 and this can probably confirm that this keystore is still there
Click to expand...
Click to collapse
is this at all helpful to you, or no?
LG Open Source
opensource.lge.com
francians said:
hope is fine to reserve more room....
RESERVED
Click to expand...
Click to collapse
How can I unlock my phone whit this little program?
francians said:
--EDIT 5
Updated code with the working version.
Cheers
How can I unlock my phone whit this little program?
Click to expand...
Click to collapse
That code demonstrates how the unlock works and cannot generate a file to unlock your phone. For G6 the puzzle is still uncompleted, but I am working on it. If there will be a method to unlock I'll write a dedicated post and give you a compiled software
Honkette1738 said:
is this at all helpful to you, or no?
LG Open Source
opensource.lge.com
Click to expand...
Click to collapse
The OTA will be helpful to reverse engineering it, since the source I've found is older
I was writing to the german CEO a while ago , he said no.
But maybe if we are more and write to Korea , we may have succses ?
Thats what he said :
Dear Mr W,
I have to pass. LG has not been selling cell phones for some time now and the developer services were discontinued at the end of 2021. Unfortunately, it is no longer possible to comply with your request.
For any inquiries, I'm willing to help.
.....
Definitely could be a good idea to ask them to share the private keys since without them it's currently impossible to write an unlock files generator. They may rise security concerns if such keys have been used for something else too.
marcus67 said:
I was writing to the german CEO a while ago , he said no.
But maybe if we are more and write to Korea , we may have succses ?
Thats what he said :
Dear Mr W,
I have to pass. LG has not been selling cell phones for some time now and the developer services were discontinued at the end of 2021. Unfortunately, it is no longer possible to comply with your request.
For any inquiries, I'm willing to help.
.....
Click to expand...
Click to collapse
francians said:
Definitely could be a good idea to ask them to share the private keys since without them it's currently impossible to write an unlock files generator.
Click to expand...
Click to collapse
could that be in engineering bootloaders, or likely not?