Open soralis0912 opened 7 months ago
Like this format:
filename,manufacturer,devicename,pkhash
If you can pull one of the system files (xbl, abl, cmnlib, modem...) off your device (or an update) you can get the PK hash that way.
I think it's worse than that, possibly. I think that the format for Secure Boot files has changed and that they are now compressed/encrypted. I'm looking at a Motorola Firehose loader and it's nothing like the ones we know. It's in ELF format, but the giveaway is the CPU field is zero and it's a 32 bit ELF.
32 bit ELF
CPU: AT&T WE 32100
There are a dozen of these CPU=0 files elsewhere, but here are 4 on this repo:
https://github.com/bkerler/Loaders/blob/main/lenovo_motorola/0000000002e80000_467f3020c4cc788d_fhprg.bin
https://github.com/bkerler/Loaders/blob/main/lenovo_motorola/001870e102e80000_467f3020c4cc788d_fhprg.bin
https://github.com/bkerler/Loaders/blob/main/nothing/000b80e100020000_467f3020c4cc788d_fhprg.bin
https://github.com/bkerler/Loaders/blob/main/oneplus/0000000000020000_467f3020c4cc788d_fhprg_op10pro.bin
Ok, it's simply 5 stacked ELF files. The signing isn't even the same as the normal single ELFs. The 4 ELFs on the end use an incompatible Version 7 header for the signing. Two are signed by Qualcomm, two are signed by the OEM.
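A triage sketch for the "stacked" layout described above, added here as an example and not taken from qcomview.exe or any other tool in this thread: it scans a blob for plausible ELF headers and reports each one's offset, class and e_machine value. It assumes the inner ELFs appear as intact little-endian headers somewhere in the file; the sample bytes are constructed, not a real loader.

```python
import struct

ELF_MAGIC = b"\x7fELF"

def find_elf_headers(blob: bytes):
    """Return (offset, bits, e_machine) for every plausible ELF header in blob."""
    hits = []
    pos = blob.find(ELF_MAGIC)
    while pos != -1:
        ident = blob[pos:pos + 16]
        # e_ident checks: EI_CLASS is 1 or 2, EI_DATA is 1 (little endian), EI_VERSION is 1
        if len(ident) == 16 and ident[4] in (1, 2) and ident[5] == 1 and ident[6] == 1:
            is64 = ident[4] == 2
            hdr_len = 64 if is64 else 52
            if pos + hdr_len <= len(blob):
                _e_type, e_machine, e_version = struct.unpack_from("<HHI", blob, pos + 16)
                e_ehsize = struct.unpack_from("<H", blob, pos + (52 if is64 else 40))[0]
                # A stray magic inside data rarely also has a consistent e_version/e_ehsize
                if e_version == 1 and e_ehsize == hdr_len:
                    hits.append((pos, 64 if is64 else 32, e_machine))
        pos = blob.find(ELF_MAGIC, pos + 1)
    return hits

def _make_header(is64: bool, machine: int) -> bytes:
    """Build a minimal ELF header (constructed test data, no program headers)."""
    ident = ELF_MAGIC + bytes([2 if is64 else 1, 1, 1]) + bytes(9)
    if is64:
        return ident + struct.pack("<HHIQQQIHHHHHH", 2, machine, 1, 0, 64, 0, 0, 64, 56, 0, 0, 0, 0)
    return ident + struct.pack("<HHIIIIIHHHHHH", 2, machine, 1, 0, 52, 0, 0, 52, 32, 0, 0, 0, 0)

# Constructed sample: a 32-bit outer header with e_machine 0, one embedded 64-bit
# header (e_machine 183 chosen arbitrarily), and a stray magic that must be rejected.
SAMPLE = (_make_header(False, 0) + bytes(44)
          + _make_header(True, 183)
          + b"\x7fELF\x09junk" + bytes(32))

if __name__ == "__main__":
    for offset, bits, machine in find_elf_headers(SAMPLE):
        note = "  <- e_machine is 0" if machine == 0 else ""
        print(f"offset 0x{offset:x}: {bits}-bit ELF, e_machine={machine}{note}")
```

More than one hit in a single file, or an outer header whose e_machine is 0, is a cue to handle the file as a container rather than as a single signed ELF.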
Hi, all! RenateUSB respect! You're right, as always, Hawkeye! These new programmers come with version number 7 (address 1004). These are five ELF files assembled into one ELF. There are 18-30 certificates and choosing the hash of one root of them will not solve the problem completely, because the file name can be generated, but it is not possible to request a hash from the device. It is necessary to understand the specification of the Sahara v3.0 protocol and the operation of the device according to it. Here I tried to disassemble the fifth ELF to get the device tree. Apparently, these are the first steps towards a new algorithm for analyzing programmers. https://4pda.to/forum/index.php?showtopic=643084&view=findpost&p=128019877 A couple of pages earlier there is a link to a new programmer for analysis from Huawei Mate. And here's another one I recently got together with the guys from India for Motorola. https://xdaforums.com/t/moto-g-stylus-xt2315-5g-firehose.4699293/
Oh, qcomview.exe has handled the "stacked" ELFs for a while now. I just uploaded the latest version.
Sahara v3 does not show the PKHASH, so the --loader option is needed. But now the filename is difficult.
So I think support for a device list file should be added.