<OwariDa>
things I'd like to determine include how the /efs/nv_data.bin file is encrypted and how the MD5 is calculated (since it's not a straight MD5 of the file).
Turilo has quit [Quit: Why is the alphabet in that order? Is it because of that song?]
gladiac1337 has joined #teamhacksung
<OwariDa>
no reversers here? :P
chris41g has quit [Read error: Operation timed out]
ricotz has quit [Quit: Ex-Chat]
chris41g has joined #teamhacksung
pawitp has joined #teamhacksung
sunri5e has quit [Ping timeout: 276 seconds]
sunri5e has joined #teamhacksung
toxicthunder has joined #teamhacksung
mad-murdock has joined #teamhacksung
sunri5e has quit [Ping timeout: 252 seconds]
sunri5e has joined #teamhacksung
ncultures has joined #teamhacksung
ncultures has left #teamhacksung [#teamhacksung]
sunri5e has quit [Read error: Operation timed out]
sunri5e has joined #teamhacksung
peterperfect has joined #teamhacksung
peterperfect has left #teamhacksung [#teamhacksung]
ricotz has joined #teamhacksung
ricotz has quit [Changing host]
ricotz has joined #teamhacksung
ldiamond has joined #teamhacksung
ldiamond has quit [Changing host]
ldiamond has joined #teamhacksung
Rebellos has joined #teamhacksung
mad-murdock has quit [Ping timeout: 248 seconds]
toxicthunder has left #teamhacksung [#teamhacksung]
angelsl has joined #teamhacksung
mad-murdock has joined #teamhacksung
Turtuga has quit [Read error: Connection reset by peer]
thens has joined #teamhacksung
datagutt has joined #teamhacksung
jsermer has joined #teamhacksung
mad-murdock has quit [Ping timeout: 252 seconds]
<angelsl>
do any samsung phones use /dev/gsmtty%d?
Turtuga has joined #teamhacksung
mad-murdock has joined #teamhacksung
mad-murdock has quit [Ping timeout: 252 seconds]
peterperfect has joined #teamhacksung
gladiac1337_ has joined #teamhacksung
bytecode has joined #teamhacksung
gladiac1337 has quit [Ping timeout: 256 seconds]
gladiac1337_ has quit [Client Quit]
gladiac1337 has joined #teamhacksung
paulk-desktop has joined #teamhacksung
peterperfect has left #teamhacksung [#teamhacksung]
ricotz has quit [Quit: Ex-Chat]
drupol has quit [Remote host closed the connection]
drupol has joined #teamhacksung
bytecode has quit [Remote host closed the connection]
angelsl has quit [Ping timeout: 255 seconds]
angelsl has joined #teamhacksung
w00tc0d3 has quit [Read error: Connection reset by peer]
w00tc0d3 has joined #teamhacksung
psychoid has quit [Ping timeout: 252 seconds]
psychoid has joined #teamhacksung
drupol has quit [Quit: Leaving.]
thens has quit [Ping timeout: 255 seconds]
ricotz has joined #teamhacksung
<codeworkx>
OwariDa: look at replicant. they reversed galaxy nexus and galaxy s2 modem
<w00tc0d3>
paulk-desktop: nope, no RE experience :(
<paulk-desktop>
w00tc0d3, it's not really mandatory
<paulk-desktop>
w00tc0d3, so you should start by learning about strace and trying it with the rild binary
<paulk-desktop>
do you know C at least?
<w00tc0d3>
paulk-desktop: I'm quite familiar with C++/java :)
<paulk-desktop>
that should do it I guess, but note that we are not big fans of OOP
<paulk-desktop>
anyway I guess strace and reading the existing code is the basis, looking at the kernel driver is a good idea too
<paulk-desktop>
perhaps we should have written some documentation about how libsamsung-ipc works
<paulk-desktop>
and a description of the samsung-ipc protocol
<paulk-desktop>
so feel free to ask
<paulk-desktop>
I'll be off soon, but you can write to me at paulk [at] replicant.us
<paulk-desktop>
w00tc0d3, also your device must be GSM, not CDMA
<w00tc0d3>
paulk-desktop: ahah. strace rild? i'll look at the kernel & existing code! :) Thank you, if I've more questions, could I ask them in the future? :)
<paulk-desktop>
feel free to ask about anything, and send a mail when i'm not on IRC
<OwariDa>
paulk-desktop: and thanks to you too, for linking to the updated repos. :)
afkcode is now known as bytecode
<paulk-desktop>
OwariDa, what are you looking for actually?
d0wngrade has joined #teamhacksung
<OwariDa>
paulk-desktop: looking to be able to modify the nv_data.bin file, primarily.
<paulk-desktop>
ah :)
<paulk-desktop>
I already performed SIM unlock there
<paulk-desktop>
libsamsung-ipc won't help with that though
<paulk-desktop>
we send the bare file as-is
<OwariDa>
ok. :) i know it's a bit of a taboo subject on forums etc due to people using it on stolen phones etc, but i want to figure out how to change the IMEI as well.
<paulk-desktop>
OwariDa, mhh why would you want to do that?
<paulk-desktop>
it's probably not legal
<paulk-desktop>
All I can tell is that if you search hard enough, you'll find how to do it
<chris41g>
of course it's not legal, but neither is unlocking phones now
<chris41g>
in the states anyway
<OwariDa>
paulk-desktop: here in Sweden there are lots of people selling new phones that they bought cheap since they get a 2-year subscription plan as well etc. then they stop paying for their subscription, and the phone (which they sold) gets blocked.
psychoid has joined #teamhacksung
<OwariDa>
i would at least like to be able to change the IMEI to some other phone i own, that i don't use anymore.
<OwariDa>
but yes. probably not legal anyway.
<d0wngrade>
Had a quick question regarding Fascinate development... I cloned teamhacksung's git for fascinatemtd and extracted the files from my phone. One: one of the files isn't found on the device, and Two: in "setup-makefiles.sh" the MAKEFILE variable goes one parent too high (it goes to my home directory). Was wondering why when I source and then lunch the option for the fascinate isn't there?
<paulk-desktop>
OwariDa, well then, search hard :)
<OwariDa>
hehe. thanks. i've found tables used for AES and SHA-256 in the baseband code already, and CRC32. haven't seen any MD5 code so far though.
<paulk-desktop>
OwariDa, it's not _that_ hard
<paulk-desktop>
no encryption
<OwariDa>
haha, ah. i just assumed it was encrypted.
<paulk-desktop>
it's just stored "in a weird way", but not really encrypted
<chris41g>
if it's anything like CDMA, it's in backwards pairs
<paulk-desktop>
we're getting close to something :)
djselbeck has joined #teamhacksung
<OwariDa>
if i've understood it correctly, it's stored right after the SSNV string, which is at offset 0x180004.
shezar has joined #teamhacksung
d0wngrade has quit [Quit: Page closed]
<paulk-desktop>
OwariDa, wrong offset I think
<OwariDa>
oh.
<paulk-desktop>
lemme find it back
<OwariDa>
chris41g: any reference regarding what you mean by backwards pairs?
<chris41g>
well hex is in pairs
<chris41g>
00 DD XX BB
<chris41g>
would be stored as
<chris41g>
BB XX DD 00
<paulk-desktop>
say you were to enter a random offset, perhaps E880
<paulk-desktop>
perhaps it would work, or perhaps not
<paulk-desktop>
then perhaps you'd recognize your current IMEI in some way, or not
<chris41g>
the individual pairs are not backwards, just the order of the pairs
<OwariDa>
paulk-desktop: :D
<OwariDa>
E880 is just a bunch of FFs in my nv_data.bin, so i guess i should keep looking for random offsets. ;)
<paulk-desktop>
ah my bad
<paulk-desktop>
what's your phone again?
<OwariDa>
GT-i9300
<paulk-desktop>
this was for crespo
<paulk-desktop>
one that I don't own
<paulk-desktop>
I'll look on galaxy s2 (same modem), wait a sec
<OwariDa>
chris41g: if only the order of the pairs is backwards, i think your example is wrong. :) you mean 00 DD XX BB -> XX BB 00 DD? otherwise it's just MSB -> LSB or LSB -> MSB?
<OwariDa>
paulk-desktop: thanks!
<chris41g>
by pair i mean two digits
<chris41g>
not to sets of 2
<chris41g>
err two sets of 2
<OwariDa>
chris41g: two hexdigits, e.g, AB -> BA?
<chris41g>
let me re-explain lol
<chris41g>
say MEID (CDMA) is AB BA FF BC DF
<chris41g>
it is stored as DF BC FF BA AB
<OwariDa>
ok, in that case it's just reverse byte ordering?
<paulk-desktop>
mhh I can't find it on galaxys2 nv_data
<chris41g>
i don't think that is relevant to anything i know about
<chris41g>
oh nvm, it jumped to the last post lol
<chris41g>
i thought that's what you linked
<OwariDa>
hehe, ah. :)
<chris41g>
well no... that's actually a lot different than CDMA
<chris41g>
opposite concept
<chris41g>
reverse the pairs instead of their order
<OwariDa>
oh. :) so what you're referring to with "reversing pairs" is just to reverse the byte-ordering?
<chris41g>
yes
<OwariDa>
hehe, ok.
<chris41g>
that actually makes the imei look like an esn
<OwariDa>
chris41g: ah.
<OwariDa>
my IMEI is not stored encoded with either reverse byte ordering or the method used on the LG phone, in my nv_data.bin.
<OwariDa>
ah. hmm, am i correct in assuming that it's libsec-ril.so and not the actual baseband that i need to reverse to figure out the nv_data.bin format?
<OwariDa>
in that case, much easier. :D
a3Dman has quit [Ping timeout: 272 seconds]
ricotz has quit [Quit: Ex-Chat]
humberos has quit [Ping timeout: 264 seconds]
bytecode has quit [Remote host closed the connection]
djselbeck has quit [Ping timeout: 276 seconds]
shezar has quit [Remote host closed the connection]
<OwariDa>
hehe, ah! figured out how the nv_data.bin.md5 is calculated now. :)
<OwariDa>
straight MD5 of nv_data.bin, with a final touch. ;)
<OwariDa>
and yes, they do actually use encryption.
<OwariDa>
now i know where the AES key is stored. ;)
peterperfect has quit [Ping timeout: 252 seconds]
arikb has quit [Remote host closed the connection]
arikb has joined #teamhacksung
jsermer has quit [Remote host closed the connection]