TomKing062 / CVE-2022-38691_38692

Let's control Secure Boot Chain ourselves.

As you're an experienced unisoc dev, as I can see, can you help me? #4

Open Fyramiz opened 5 months ago

Fyramiz commented 5 months ago

So I have a device, I have bootloader unlocked and root and a GSI, however I built a lot of twrp for it and none works. Later I figured that unisoc blocks such modified binaries, but magisk did patch the boot.img and the bootloader booted it... Then how can I make the bootloader boot the boot.img with a TWRP ramdisk? Also the vbmeta can't be modified to disable verification. vbmeta itself isn't a problem, the big problem is the unisoc bootloader that keeps blocking the binary from booting, and from this repo I understand that it will help, but how? It's a unisoc ums312_2h10

Skorpion96 commented 5 months ago

You are definitely in a special situation, I am as well. Normally the bootloader blocks booting anything custom, even system. I on my ZTE Blade A5 2019 circumvented it by using an eng firmware; on it the bootloader misses checks for system, vendor, and product. On user firmware the bootloader, even if unlocked, won't allow anything because I can't sign it as I miss the ZTE signature. Probably your device uses the stock unisoc signature, but it's incredible that you can boot a custom boot, maybe magisk leaves the signature intact or you have resigned boot? You can try to sign the twrp with the unisoc signature and try to boot it again, or, as I thought for my device as well, it would be interesting to implement safestrap recovery for unisoc. I said you are in a special situation because I have another ZTE Blade A52 where I can't do anything even if I unlocked the bootloader, I don't have eng and the bootloader doesn't allow anything custom since it isn't signed, so understand how lucky you are

Fyramiz commented 5 months ago

It does boot GSI's, however I'll try using hovatek's twrp builder

TomKing062 commented 5 months ago

Without 38691, Android 10 can put twrp into the boot part; for Android 9, I didn't find a way to boot twrp

While yes, 38691_38692 has the ability to control all vbmeta stuff

Fyramiz commented 5 months ago

How does android put twrp to boot on android 10, and also how to control vbmeta stuff?

TomKing062 commented 5 months ago

38691 boots unsigned spl, spl boots unsigned uboot, uboot reads changed vbmeta (in theory, uboot can disable avb, but not tested). "changed vbmeta" == resign vbmeta with changing part or all keys of avb-partitions

twrp in boot is just compile and sign as boot, which breaks normal boot

Skorpion96 commented 5 months ago

> 38691 boots unsigned spl, spl boots unsigned uboot, uboot reads changed vbmeta (in theory, uboot can disable avb, but not tested). "changed vbmeta" == resign vbmeta with changing part or all keys of avb-partitions
>
> twrp in boot is just compile and sign as boot, which breaks normal boot

So....we can boot unsigned stuff on devices with custom keys like ZTE (when we don't have an eng firmware and no partitions.xml) in theory? Imma try that on my ZTE Blade A52 then

Nothing, TomKing himself told me this method isn't compatible with my chipset... sad

Fyramiz commented 5 months ago

@TomKing062 So I need to remove the sign check from the FDL1 and then patch it with your tool and flash it on the device?

Praveenganisetti commented 4 months ago

Is there any way to boot my custom kernel in this unisoc phone ?

Skorpion96 commented 4 months ago

I was able to sign magisk boot and boot it successfully on the A52, I guess ZTE switched to default unisoc key on new models

Fyramiz commented 4 months ago

@Praveenganisetti does the OEM use the stock keys?

Praveenganisetti commented 4 months ago

@Fyramiz I didn't know, but I'm using my custom keys to sign my boot images

Fyramiz commented 4 months ago

So you made your custom vbmeta having this boot image public key and signed using the OEM key, so that you don't need the OEM boot image key?

TomKing062 commented 4 months ago

very few OEM provide kernel code

Fyramiz commented 4 months ago

Yeah, but maybe he got his kernel code, also @TomKing062 when i flashed the vendor boot and the vbmeta the device boot looped, any idea about this?

Skorpion96 commented 4 months ago

> So you made your custom vbmeta having this boot image public key and signed using the OEM key, so that you don't need the OEM boot image key?

How did you do it for vbmeta? I tried using the key I used for boot but it did not work, then I tried some vbmeta key provided by TomKing62 but to no avail, the bootloader refuses it

Praveenganisetti commented 4 months ago

@Fyramiz yes, I'm using a custom vbmeta and custom boot key to sign my images so I don't need the OEM or stock one

Fyramiz commented 4 months ago

Then proceed and flash and see if it works, also what device do you have?

Praveenganisetti commented 4 months ago

> Then proceed and flash and see if it works, also what device do you have?

I've flashed so many times but the device is stuck on the bootlogo and I'm unable to get pstore logs as well

Skorpion96 commented 4 months ago

@TomKing062 would it be possible to build a bootloader like that engineering one I have on my ZTE Blade A5 2019 where system and vendor aren't checked, or would trustos prevent it from booting? Or would there be signature issues? If such a bootloader would run, vbmeta wouldn't be a thing anymore

Fyramiz commented 4 months ago

Flash stock bootimage and vbmeta, then only flash vbmeta and see if it bootloops, if it doesn't, flash stock vbmeta then flash modified boot, so we determine if it's the boot image, or that the device doesn't accept modified vbmetas
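One way to see what a vbmeta image actually carries before flashing it (which key signed it, whether the verification-disabled flag is set, the rollback index), as an added example that is neither the repo's code nor any commenter's: a small Python parser of the AVB vbmeta header. The header layout follows the public AVB format; the sample image and key blob are constructed inline, and the SHA-256 fingerprint is my own convention for comparing a parsed key against a known OEM key.

```python
import hashlib
import struct

# AvbVBMetaImageHeader (256 bytes, big-endian) as laid out in the public AVB spec
HDR = ">4sIIQQIQQQQQQQQQQQII48s80x"
HDR_LEN = struct.calcsize(HDR)
ALGOS = {0: "NONE", 1: "SHA256_RSA2048", 2: "SHA256_RSA4096", 3: "SHA256_RSA8192",
         4: "SHA512_RSA2048", 5: "SHA512_RSA4096", 6: "SHA512_RSA8192"}
FLAG_HASHTREE_DISABLED = 1 << 0      # AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED
FLAG_VERIFICATION_DISABLED = 1 << 1  # AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED

def key_fingerprint(pubkey: bytes) -> str:
    """SHA-256 over the raw AVB public key blob (key_num_bits, n0inv, n, rr)."""
    return hashlib.sha256(pubkey).hexdigest()

def inspect_vbmeta(blob: bytes) -> dict:
    """Parse the header and report signing algorithm, key, flags and rollback index."""
    f = struct.unpack(HDR, blob[:HDR_LEN])
    if f[0] != b"AVB0":
        raise ValueError("not a vbmeta image (bad magic)")
    auth_size, aux_size, algo = f[3], f[4], f[5]
    pk_off, pk_size, rollback, flags = f[10], f[11], f[16], f[17]
    aux = blob[HDR_LEN + auth_size:HDR_LEN + auth_size + aux_size]
    pubkey = aux[pk_off:pk_off + pk_size]
    return {
        "algorithm": ALGOS.get(algo, "unknown(%d)" % algo),
        "key_bits": struct.unpack(">I", pubkey[:4])[0] if len(pubkey) >= 4 else 0,
        "key_sha256": key_fingerprint(pubkey) if pubkey else None,
        "rollback_index": rollback,
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
        "hashtree_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "release": f[19].rstrip(b"\0").decode(errors="replace"),
    }

def signed_by(blob: bytes, expected_key_sha256: str) -> bool:
    """True only if the image is signed (not algorithm NONE) with the expected key."""
    info = inspect_vbmeta(blob)
    return info["algorithm"] != "NONE" and info["key_sha256"] == expected_key_sha256

def make_sample(pubkey: bytes, algo: int = 1, flags: int = 0, rollback: int = 0) -> bytes:
    """Constructed vbmeta: header + zeroed auth block (hash, signature) + key in aux."""
    auth = b"\0" * (32 + 256)
    return struct.pack(HDR, b"AVB0", 1, 0, len(auth), len(pubkey), algo,
                       0, 32, 32, 256, 0, len(pubkey), 0, 0, 0, 0,
                       rollback, flags, 0, b"avbtool 1.2.0") + auth + pubkey

# Constructed 2048-bit key blob: key_num_bits, n0inv, modulus n, R^2 mod n (fake values)
SAMPLE_KEY = struct.pack(">II", 2048, 0x12345678) + b"\x11" * 256 + b"\x22" * 256

if __name__ == "__main__":
    print(inspect_vbmeta(make_sample(SAMPLE_KEY, flags=FLAG_VERIFICATION_DISABLED)))
```

Running it on a real dump (for example `inspect_vbmeta(open("vbmeta.img", "rb").read())`) tells you whether the image you are about to flash is signed with the key fingerprint you expect from the stock image, which separates "bootloader rejects the key" from "boot image itself is broken".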

Fyramiz commented 4 months ago

@Skorpion96 It will prevent it. On my device that has a separate vbmeta only for the system, it doesn't check system, however if I modify the vbmeta, it will bootloop

Praveenganisetti commented 4 months ago

@Fyramiz Wait, are you talking to me or him? Cause I already rooted my device with magisk and I'm using it too, I'm trying to boot my custom kernel

Fyramiz commented 4 months ago

@Praveenganisetti The "Flash stock bootimage and vbmeta, then only flash vbmeta and see if it bootloops, if it doesn't, flash stock vbmeta then flash modified boot, so we determine if it's the boot image, or that the device doesn't accept modified vbmetas" is for you

p3y0t3 commented 4 months ago

Couldn't one just patch their u-boot to not sign check vbmeta?

Fyramiz commented 4 months ago

I would've been trying it if I had a better internet connection (can't even download GHIDRA from github)

Skorpion96 commented 4 months ago

> @Skorpion96 It will prevent it. On my device that has a separate vbmeta only for the system, it doesn't check system, however if I modify the vbmeta, it will bootloop

I have it as well on my A52, maybe the key could be to mod that one instead?

Praveenganisetti commented 4 months ago

@Fyramiz well, the device does accept my custom vbmeta, that's why I'm able to root my phone with magisk, so here signing is not the issue. The real issue will be found in those pstore logs but it seems impossible to get them cause I shouldn't use power or volume keys to boot into my custom recovery or fastboot. Unlike unisoc, most Qualcomm phones are able to boot automatically into fastboot if the kernel panics, so getting pstore logs is easy on Qualcomm devices.

Praveenganisetti commented 4 months ago

> @Skorpion96 It will prevent it. On my device that has a separate vbmeta only for the system, it doesn't check system, however if I modify the vbmeta, it will bootloop
>
> I have it as well on my A52, maybe the key could be to mod that one instead?

Did you try this guide on hovatek?

https://www.hovatek.com/forum/thread-32664.html

Skorpion96 commented 4 months ago

> @Skorpion96 It will prevent it. On my device that has a separate vbmeta only for the system, it doesn't check system, however if I modify the vbmeta, it will bootloop
>
> I have it as well on my A52, maybe the key could be to mod that one instead?
>
> Did you try this guide on hovatek?
>
> https://www.hovatek.com/forum/thread-32664.html

Now I feel treated like an idiot, OFC I DID.... vbmeta is refused during flash from fastboot and even if I force it through dd it doesn't boot, the bootloader rejects it

Fyramiz commented 4 months ago

> @Fyramiz well, the device does accept my custom vbmeta, that's why I'm able to root my phone with magisk, so here signing is not the issue. The real issue will be found in those pstore logs but it seems impossible to get them cause I shouldn't use power or volume keys to boot into my custom recovery or fastboot. Unlike unisoc, most Qualcomm phones are able to boot automatically into fastboot mode, so getting pstore logs is easy on Qualcomm devices.

Why would you even want a custom kernel? @Praveenganisetti

Praveenganisetti commented 4 months ago

> @Skorpion96 It will prevent it. On my device that has a separate vbmeta only for the system, it doesn't check system, however if I modify the vbmeta, it will bootloop
>
> I have it as well on my A52, maybe the key could be to mod that one instead?
>
> Did you try this guide on hovatek? https://www.hovatek.com/forum/thread-32664.html
>
> Now I feel treated like an idiot, OFC I DID.... vbmeta is refused during flash from fastboot and even if I force it through dd it doesn't boot, the bootloader rejects it

Hey, don't use fastboot, that isn't meant for unisoc devices. Use the SPD Research Download tool. I also experienced a bootloop when I flashed with fastboot.

Praveenganisetti commented 4 months ago

> @Fyramiz well, the device does accept my custom vbmeta, that's why I'm able to root my phone with magisk, so here signing is not the issue. The real issue will be found in those pstore logs but it seems impossible to get them cause I shouldn't use power or volume keys to boot into my custom recovery or fastboot. Unlike unisoc, most Qualcomm phones are able to boot automatically into fastboot mode, so getting pstore logs is easy on Qualcomm devices.
>
> Why would you even want a custom kernel? @Praveenganisetti

Why not, I can improve my device's security and performance, and I can bring nethunter support, custom roms etc.. I can do so many things

Fyramiz commented 4 months ago

I use nethunter without custom kernel using magisk

Praveenganisetti commented 4 months ago

> I use nethunter without custom kernel using magisk

I also did, but that is not nethunter, that is nethunter lite. And it doesn't support usb, bluetooth, wifi related attacks

Fyramiz commented 4 months ago

> @Skorpion96 It will prevent it. On my device that has a separate vbmeta only for the system, it doesn't check system, however if I modify the vbmeta, it will bootloop
>
> I have it as well on my A52, maybe the key could be to mod that one instead?
>
> Did you try this guide on hovatek? https://www.hovatek.com/forum/thread-32664.html
>
> Now I feel treated like an idiot, OFC I DID.... vbmeta is refused during flash from fastboot and even if I force it through dd it doesn't boot, the bootloader rejects it
>
> Hey, don't use fastboot, that isn't meant for unisoc devices. Use the SPD Research Download tool. I also experienced a bootloop when I flashed with fastboot.

You can flash with fastboot (fastbootd if super partition) @Praveenganisetti

Praveenganisetti commented 4 months ago

> @Skorpion96 It will prevent it. On my device that has a separate vbmeta only for the system, it doesn't check system, however if I modify the vbmeta, it will bootloop
>
> I have it as well on my A52, maybe the key could be to mod that one instead?
>
> Did you try this guide on hovatek? https://www.hovatek.com/forum/thread-32664.html
>
> Now I feel treated like an idiot, OFC I DID.... vbmeta is refused during flash from fastboot and even if I force it through dd it doesn't boot, the bootloader rejects it
>
> Hey, don't use fastboot, that isn't meant for unisoc devices. Use the SPD Research Download tool. I also experienced a bootloop when I flashed with fastboot.
>
> You can flash with fastboot (fastbootd if super partition) @Praveenganisetti

Yeah, fastbootd mode I know, but it didn't work for me.

Praveenganisetti commented 4 months ago

And I'm talking about the boot and vbmeta partitions

Fyramiz commented 4 months ago

Does your device have a vendor_boot partition? If yes we MAY be able to somehow run nethunter as a GKI (just a concept)

Praveenganisetti commented 4 months ago

No vendor boot

Fyramiz commented 4 months ago

Then you need the kernel source, however you might want to try the 4.14 kernel as its source code is online on gitlab

Praveenganisetti commented 4 months ago

> Then you need the kernel source, however you might want to try the 4.14 kernel as its source code is online on gitlab

I have the source code for my device. Just need some debugging stuff.

Fyramiz commented 4 months ago

Then google is your friend, also what is your device?

Praveenganisetti commented 4 months ago

> Then google is your friend, also what is your device?

Omix x400, and google doesn't help when unisoc keeps everything secret.

Fyramiz commented 4 months ago

Did you try to build the kernel without any change? Maybe it's a rom issue

Praveenganisetti commented 4 months ago

Yeah, maybe it's a rom issue cause it is something called an 'erofs' rom

Fyramiz commented 4 months ago

erofs is just the filesystem of the data partition, so if you wipe data after flashing the boot.img it may work (try this at your own risk), or why don't you just get rid of OmixUI and install a GSI

Praveenganisetti commented 4 months ago

My phone is not exactly an omix x400 but it is a clone of it, something like a marketing strategy by some shitty manufacturer. They just went to China and made a deal with omix mobile and imported all the hardware and made some minimal changes to it and released it in our Indian market. Anyways I'll try that, I hope it will work this time, and thanks for your valuable information.

Fyramiz commented 4 months ago

No worries, however, even if the devices have the same hardware, that doesn't mean they're the same

Praveenganisetti commented 4 months ago

But the design is also the same, and of course they just changed their logo and it comes with Android 11 Go edition. And it seems like you know about omix and omix ui, so do you have any omix mobile, or just tell me where you are from?