bkerler / edl

Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
GNU General Public License v3.0

loader for msm8216 #525

Open Minha-D opened 3 months ago

Minha-D commented 3 months ago

Please, can anyone provide a loader for the following:

22:43:59: Sahara protocol completed
Received S/N CPU - 11AB51FC
HWID - 007070E100000000
OEM_PK_HASH (64) - 996C7888282743ACED72ACC73D3228DBF4938C291AC05931A79E45BC0BCE268A
SBL SW Ver. - 00000001

ElectroBoy404NotFound commented 2 months ago

Which mobile is it? What CPU does it use?

Minha-D commented 2 months ago

> Which mobile is it? What CPU does it use?

Samsung Galaxy Grand Prime. Snapdragon 410

RenateUSB commented 2 months ago

I don't see that hash anywhere, but a Snapdragon 410 is a bit older. Might it not have Secure Boot enabled? Many of the qualcomm/factory/msm???? seem to support the MSM8216. If you have a partition like xbl/abl/cmnlib or something, post it so we can check the hashing on that.

Minha-D commented 2 months ago

> I don't see that hash anywhere, but a Snapdragon 410 is a bit older. Might it not have Secure Boot enabled? Many of the qualcomm/factory/msm???? seem to support the MSM8216. If you have a partition like xbl/abl/cmnlib or something, post it so we can check the hashing on that.

I have tried loaders from qualcomm/factory/msmxxxx; none of them support MSM_ID:0x007070E1. And I have checked its factory firmware; there is no partition image such as xbl/abl/cmnlib. But it has sbl.img.

RenateUSB commented 2 months ago

Many of the loaders refer to MSM8216. Post the sbl.img, please.

Minha-D commented 2 months ago

Sorry, it's not sbl.img. It's sbl1.mbn. Here is the file: sbl1.zip

RenateUSB commented 2 months ago

That sbl1.mbn is actually an ELF file and signed by Samsung so:

d282db63 7345f047 7b6026de 54061686 c6db4dfe 6ff2a4ff 54d142cf e67f97bd

There are actually 18 certificates in this file! I have no idea why that is. The last one (root) has the PK hash above, but none of the other 17 are 996C7...

Maybe this device does not have Secure Boot enabled? OTOH, it could be enforcing the HW_ID. I don't know.

Minha-D commented 2 months ago

> That sbl1.mbn is actually an ELF file and signed by Samsung so:
>
> d282db63 7345f047 7b6026de 54061686 c6db4dfe 6ff2a4ff 54d142cf e67f97bd
>
> There are actually 18 certificates in this file! I have no idea why that is. The last one (root) has the PK hash above, but none of the other 17 are 996C7...
>
> Maybe this device does not have Secure Boot enabled? OTOH, it could be enforcing the HW_ID. I don't know.

It might be enforcing HW_ID. And this device might have secure boot enabled, because when I used the "lk2nd" secondary bootloader by postmarketOS to boot Linux on this device, it said secure boot enabled. I have found loaders for (0x007050E1), which is for msm8916, and also found loaders for (0x007060E1), but couldn't find any for msm8216 hw_id:(0x007070E1).

Minha-D commented 2 months ago

@RenateUSB Could you check these partitions? partitions.zip

RenateUSB commented 2 months ago

emmc_appsboot.mbn is a 32 bit ELF file signed with 18 Samsung certs. The other two are some sort of raw binary data files.

Minha-D commented 2 months ago

@RenateUSB thanks for your help. I have a tz.img, which I think is TrustZone. Can it help?

RenateUSB commented 2 months ago

The emmc_appsboot.mbn has the same hash as the sbl1 and different from what Sahara said. So, either your device is not Secure Boot or else there are more PK hashes than what Sahara quoted. I do not have any faith that this EDL client prints out all the PK hashes when there are multiples.

In any case, it's pointless to check the ~40 other partitions with ELF files for hashes.

Minha-D commented 2 months ago

@RenateUSB thanks for your help

RenateUSB commented 2 months ago

If you run that with full debug you can see when the PK hash comes over. You can see that it's 32 bytes (64 hexits, 256 bits), but there are usually 3 copies sent (96 bytes). We don't know if these 3 copies are the same or empty.
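
The check discussed in the last comments, as an added example that is not part of the thread or of the edl project: it splits a PK hash reply into 32-byte slots, drops empty ones, and tests whether an image's root-certificate hash matches any slot. The function names, the empty-slot rule (all 0x00 or all 0xFF) and the sample payload are assumptions; the two hash values are the ones quoted in the thread.

```python
from dataclasses import dataclass

HASH_LEN = 32  # SHA-256 PK hash: 32 bytes, 64 hex digits

# Values quoted in the thread.
SAHARA_REPORTED = "996C7888282743ACED72ACC73D3228DBF4938C291AC05931A79E45BC0BCE268A"
SBL1_ROOT_HASH = "d282db63 7345f047 7b6026de 54061686 c6db4dfe 6ff2a4ff 54d142cf e67f97bd"

@dataclass
class PkHashReport:
    slots: list     # lowercase hex per 32-byte slot, None for an empty slot
    distinct: list  # unique non-empty hashes, in first-seen order
    trailing: int   # bytes left over after the last full slot

def split_pk_hash_payload(payload: bytes) -> PkHashReport:
    """Split a PK hash reply into 32-byte slots and deduplicate them."""
    full = len(payload) // HASH_LEN
    slots, distinct = [], []
    for i in range(full):
        chunk = payload[i * HASH_LEN:(i + 1) * HASH_LEN]
        # Assumption: an all-0x00 or all-0xFF slot means "no hash here".
        if chunk.count(0x00) == HASH_LEN or chunk.count(0xFF) == HASH_LEN:
            slots.append(None)
            continue
        hexed = chunk.hex()
        slots.append(hexed)
        if hexed not in distinct:
            distinct.append(hexed)
    return PkHashReport(slots, distinct, len(payload) - full * HASH_LEN)

def image_matches_device(report: PkHashReport, root_cert_hash: str) -> bool:
    """True if the image's root-cert hash equals any hash the device sent."""
    wanted = "".join(root_cert_hash.split()).lower()
    if len(wanted) != 2 * HASH_LEN:
        raise ValueError("expected a 64-hex-digit hash")
    return wanted in report.distinct

if __name__ == "__main__":
    # Constructed 96-byte payload: the reported hash plus two empty slots.
    sample = bytes.fromhex(SAHARA_REPORTED) + bytes(2 * HASH_LEN)
    report = split_pk_hash_payload(sample)
    for n, slot in enumerate(report.slots):
        print(f"slot {n}: {slot or '(empty)'}")
    print("distinct hashes:", len(report.distinct))
    print("sbl1 root matches device:", image_matches_device(report, SBL1_ROOT_HASH))
```

Feeding it the raw bytes from a full-debug capture shows whether the three copies are identical, empty, or carry additional hashes that the summary line does not print.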