oppo_decrypt – Oppo/Oneplus .ops Firmware decrypter
Tested with “MSMDownloadTool V4.0” for Oneplus 5, Frida 10.4 and Windoze
backdoor.py : Enables hidden “readback” functionality
decrypt.py : Decrypts any part of the firmware
Based on Frida.re and python 3.6
Windows only, sorry folks !
Oneplus 5 QD-Loader decryption: ‘python decrypt.py “MsmDownloadTool V4.0.exe” 0 0x92880’
Enable readback mode: ‘python backdoor.py “MsmDownloadTool V4.0.exe”‘
Dump/Verify Android Verified Boot Signature Hash
For researching Android Verified Boot issues
To exploit TZ image verification 🙂
python verify_signature.py boot.img
Issues: Might not work with AVB Version 2.0 or higher
android-efi is a simple EFI bootloader for Android™ boot images. It accepts the partition GUID of an Android boot partition on the command line, loads the kernel, ramdisk and command line and finally hands over control to the kernel.[…]
Ilya Bizyaev posts on the Intel Android-IA mailing list about working to get Halium port of the ASUS ZenFone5:
I am writing to announce that I am working on a Halium (halium.org) port for ASUS ZenFone 5, a Clovertrail+ based phone. Porting Halium base to this Intel platform enables numerous open-source projects, including Ubuntu Touch (ubports.com), Plasma Mobile (plasma-mobile.org), LuneOS (webos-ports.org) and Mer (merproject.org) to use all of the Clovertrail+ devices for development and testing. I am proud to report that as of now, the Halium build system supports using custom Intel boot tools, and the device boasts a stable 3.10 kernel and Android 7.1-based system build that has Wi-Fi, touch sensor, hardware keys, LEDs and vibrator working.
Full post: email@example.com archives.
Hmm, I didn’t know about Halium…
From the Halium blog’s initial post:
Over the years, various efforts have been made to bring GNU/Linux to mobile devices (for example Maemo, Meego, Mer, SailfishOS, Ubuntu Touch, Plasma Mobile). They have either achieved their individual goals or are working in direction of achieving them. During the development of such projects it was suggested multiple times that these communities should work together as their ultimate goal is the same. However due to various reasons this never happened in the past. However we believe that it is time to change this situation. Currently distributions like AsteroidOS, LuneOS, Mer, Plasma Mobile, SailfishOS, and Ubuntu Touch have one thing in common that they use the libhybris to interact with the android binary blobs and they also run the various android daemons using different methods. And there is lot of fragementation on how this task is handled even though these parts don’t need to be different as their essential goal is to make use of android binary blobs. Project Halium is the effort by the community which aims to bring the common grounds for different distributions and have a common base which includes the Linux kernel, Android Hardware Abstraction Layer, and libhybris. Project Halium also aims to standardize the middlewares used to interact with the hardware of the device. By having these parts shared, we believe that it will reduce the fragmentation we have currently.[…]
CopperheadOS is “A security and privacy focused mobile operating system compatible with Android apps.“.
It appears the company is having problems trying to monetize an open sourced operating system. I hope they can solve things, they’re doing interesting security things with Android.