Uncategorized

copperheadOS: Samsung missing security features needed for Android Verified Boot

Tweets from CopperheadOS, a security-centric Android-based distribution, are a good source of Android security news, since they’re stretching the boundaries of the open source android release.

Standard
Uncategorized

postmarketOS: liberating bootloaders and cellular modem firmware of MediaTek phones

Liberating Bootloaders and Cellular Modem Firmware of MediaTek Phones

As a community project, and one that encourages contributors to work on what they like, we have attracted people with a broad range of interests and skill levels. Recently a small hacking group #postmarketOS-lowlevel has emerged, and its masterminds @McBitter and @unrznbl are eager to introduce you to the madness that awaits when digging deeper and deeper in the embedded hardware and software stack. But before we get started, please keep in mind that these are moon shots. So while there is some little progress, it’s mostly about letting fellow hackers know what we’ve tried and what we’re up to, in the hopes of attracting more interested talent to our cause. After all, our philosophy is to keep the community informed and engaged during the development phase! For those new to postmarketOS, we are a group of developers, hackers, and hobbyists who have come together with a common goal of giving a ten year life cycle to mobile phones. This is accomplished by using a simple and sustainable architecture borrowed from typical Linux distributions, instead of using Android’s build system. The project is at an early stage and isn’t useful for most people at this point. Check out the newly-updated front page for more information, the previous blog post for recent achievements, and the closed pull requests to be informed about what’s going on up to the current minute. Let’s dive in!

https://postmarketos.org/blog/2018/04/14/lowlevel/

https://github.com/postmarketOS/
https://wiki.postmarketos.org/wiki/Devices

 

Standard
Uncategorized

Google introduces Android Enterprise Recommended program

https://www.android.com/enterprise/recommended/requirements/

https://www.android.com/enterprise/recommended/

https://androidenterprisepartners.withgoogle.com/#!/results/browse-all/2

Standard
Uncategorized

CopperheadOS on Android Verified Boot 2.0 docs

https://android.googlesource.com/platform/external/avb/#device-specific-notes

https://android-review.googlesource.com/c/platform/external/avb/+/582100

Standard
Uncategorized

oppo_decrypt – Oppo/Oneplus .ops Firmware decrypter

oppo_decrypt – Oppo/Oneplus .ops Firmware decrypter

Tested with “MSMDownloadTool V4.0” for Oneplus 5, Frida 10.4 and Windoze
backdoor.py : Enables hidden “readback” functionality
decrypt.py : Decrypts any part of the firmware
Based on Frida.re and python 3.6
Windows only, sorry folks !
Oneplus 5 QD-Loader decryption: ‘python decrypt.py “MsmDownloadTool V4.0.exe” 0 0x92880’
Enable readback mode: ‘python backdoor.py “MsmDownloadTool V4.0.exe”‘

https://github.com/bkerler/oppo_decrypt

http://www.oppo.com/
https://oneplus.net/

 

Standard
Uncategorized

dump_avb_signature: dump/verify Android Verified Boot signature hash

Dump/Verify Android Verified Boot Signature Hash
For researching Android Verified Boot issues
To exploit TZ image verification 🙂

python verify_signature.py boot.img

Issues: Might not work with AVB Version 2.0 or higher

https://github.com/bkerler/dump_avb_signature

 

Standard