CE1CECL
commented
1 year ago I've added the leaked loaders, however they don't seem to be generic, except for the cc31 hash ones. Which vendor uses them ?
From what I can tell, they are used for unsigned devices, and they did come from QC's git, though it leaked like back around in 2015 or 2016. And the cc31 hash, who else uses it?, if you look at my last commit message, Mobvoi doesn't really use a one pkhash for their devices, so it would have to be generic. I see you deleted the cc31 file but didn't add the proper 8x09w one for it, while it didnt come from them, it works. (i did asked them if they could but they said they cant). As for the QC generic file names, well, its just renamed using fhloaderparse, so it can meet the requirements of the other files in the repo. (they did all start with prog* in other words) I did at one point know the url for the leak, but it was 403 for me, meaning it was easily findable but needed authorization for the site, which i dont have.
Dont want to get too off topic but: For the fhloaderparse, it does not combine the certs if there is more then one root in a chain, there is (as of now) a max of 16 root certs possible, to make sha256sum, and in order. (18 total, and all at one place, the header, the footer part is the payload rather)
I've added the leaked loaders, however they don't seem to be generic, except for the cc31 hash ones. Which vendor uses them ?