Skip to content

Instantly share code, notes, and snippets.

@wfjsw

wfjsw/help-wanted.md

Last active September 23, 2024 15:47
Download ZIP

Revisions

  1. wfjsw revised this gist May 13, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion help-wanted.md
    View file
    Original file line number Diff line number Diff line change
    @@ -1,5 +1,5 @@
    # Help-Wanted

    1. ~~Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )~~ it is aes-ecb
    2. Extract the 128-bit ECB Key (binary is [here](https://transfer.sh/X6bDd/recovery), 0x23f08)
    2. Extract the 128-bit ECB Key (binary is [here](https://transfer.sh/X6bDd/recovery), aarch64 elf, 0x23f08)
    3. Implement external decryptor
  2. wfjsw revised this gist May 13, 2017. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions help-wanted.md
    View file
    Original file line number Diff line number Diff line change
    @@ -1,5 +1,5 @@
    # Help-Wanted

    1. ~~Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )~~ it is aes-ecb
    2. Extract the 128-bit ECB Key
    3. Implement external decryptor (low priority)
    2. Extract the 128-bit ECB Key (binary is [here](https://transfer.sh/X6bDd/recovery), 0x23f08)
    3. Implement external decryptor
  3. wfjsw revised this gist Apr 29, 2017. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions help-wanted.md
    View file
    Original file line number Diff line number Diff line change
    @@ -1,5 +1,5 @@
    # Help-Wanted

    1. ~~Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )~~ must be ecb
    2. Extract the Key & IV (no `/res/keys` is for package verify)
    1. ~~Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )~~ it is aes-ecb
    2. Extract the 128-bit ECB Key
    3. Implement external decryptor (low priority)
  4. wfjsw revised this gist Apr 29, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -27,4 +27,4 @@ An ordinary OZIP file is constructed with following schema:
    The Data section contains an ordinary encrypted zip file.

    ### Encryption
    1. From `offset:00000000` , for every `offset+:00004010` , the following 16 bytes is encrypted by AES-???-ECB *(key unknown)* (should be 128 here)
    1. From `offset:00000000` , for every `offset+:00004010` , the following 16 bytes is encrypted by AES-128-ECB *(key unknown)*
  5. wfjsw revised this gist Apr 29, 2017. 1 changed file with 1 addition and 2 deletions.
    3 changes: 1 addition & 2 deletions help-wanted.md
    View file
    Original file line number Diff line number Diff line change
    @@ -1,6 +1,5 @@
    # Help-Wanted

    ~~1. Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )~~ must be ecb

    1. ~~Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )~~ must be ecb
    2. Extract the Key & IV (no `/res/keys` is for package verify)
    3. Implement external decryptor (low priority)
  6. wfjsw revised this gist Apr 29, 2017. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions help-wanted.md
    View file
    Original file line number Diff line number Diff line change
    @@ -1,5 +1,6 @@
    # Help-Wanted

    ~~1. Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )~~ must be ecb

    2. Extract the Key & IV (no `/res/keys` is for package verify)
    3. Implement external decryptor (low priority)
  7. wfjsw revised this gist Apr 29, 2017. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions help-wanted.md
    View file
    Original file line number Diff line number Diff line change
    @@ -1,5 +1,5 @@
    # Help-Wanted

    1. Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )
    ~~1. Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )~~ must be ecb
    2. Extract the Key & IV (no `/res/keys` is for package verify)
    3. Implement external decryptor
    3. Implement external decryptor (low priority)
  8. wfjsw revised this gist Apr 29, 2017. 2 changed files with 1 addition and 2 deletions.
    2 changes: 1 addition & 1 deletion help-wanted.md
    View file
    Original file line number Diff line number Diff line change
    @@ -1,5 +1,5 @@
    # Help-Wanted

    1. Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )
    2. Extract the Key & IV (there is `/res/keys` but in doubt)
    2. Extract the Key & IV (no `/res/keys` is for package verify)
    3. Implement external decryptor
    1 change: 0 additions & 1 deletion keys
    View file
    Original file line number Diff line number Diff line change
    @@ -1 +0,0 @@
    v2 {64,0x21f1e7df,{3030871009,2842029203,1929385157,2419016909,3454985444,2486397662,1360059226,853154771,2873759498,2578644392,1582363043,2685416563,3237255012,3594113390,3878175413,282122635,1845705519,1195060747,760266334,140201540,4118401149,2725441178,2470396251,397495803,1322468134,1871363886,498664064,3153971293,599614159,634620673,1127330002,3670500566,198457062,533426947,3290460683,3422699966,1020281669,2255583709,3683804111,746035459,265158054,1304378763,4267412360,2890052389,106413499,2907980922,3972144378,4205869343,2786459372,3001399179,3489341285,3835879666,2129799349,826756855,2704418538,612286472,1589179455,1356403430,828528331,696665454,3419204559,216198987,2302499813,3213534307},{1838615475,330594015,2745287708,1718207388,4033826842,4286413672,90632729,1960271026,1308804442,2976112877,1042325945,4245894705,4186410531,3587683325,1966058381,480280129,2924388259,2594871575,2472211682,2078811536,985248642,1197325012,3406034336,522553429,2835719301,1651786156,1725089536,1248010008,3787939026,2865666383,2582425002,147682539,151142165,2562728940,3544254365,4206323572,4186296689,355557828,2056962021,1859056201,292705186,3191596100,1022716305,2617287658,538610595,350065096,2241755361,855919095,1206358961,1386705353,1147115145,1488298227,263843590,1973005069,1811035954,3178646117,1961330788,4159009647,1167398822,1701538246,1463902700,1702722051,4111618202,1727630027}}
  9. wfjsw revised this gist Apr 29, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -27,4 +27,4 @@ An ordinary OZIP file is constructed with following schema:
    The Data section contains an ordinary encrypted zip file.

    ### Encryption
    1. From `offset:00000000` , for every `offset+:00004010` , the following 16 bytes is encrypted by AES-???-ECB *(key unknown)* (should be 256 here)
    1. From `offset:00000000` , for every `offset+:00004010` , the following 16 bytes is encrypted by AES-???-ECB *(key unknown)* (should be 128 here)
  10. wfjsw revised this gist Apr 29, 2017. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -15,9 +15,9 @@ An ordinary OZIP file is constructed with following schema:

    | offset | size | type | description |
    |--------|---------|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
    | 0 | 16 | header | Always contain `OPPOENCRYPT! (00) (00) (00) (00)` (by vendor) |
    | 17 | 16 | decompressed size | in bytes (suffix (00)) |
    | 33 | 48 | hash | SHA1 of the decrypted data (40 bytes) |
    | 0 | 16 | header | Always contain `4F 50 50 4F 45 4E 43 52 59 50 54 21 00 00 00 00 ; OPPOENCRYPT!....` (by vendor) |
    | 17 | 16 | decompressed size | in bytes (append `00 ; .`) |
    | 33 | 48 | hash | SHA1 of the decrypted data (40 bytes, append `00 ; .`) |
    | 81 | variant | recovery instruction | Example: ``` ota-id=R9s_11.A.14_014_201611261040 (0A) ota_version=R9s_11.A.14_014_201611261040 (0A) patch_type=1 (0A) post-timestamp=1480130654 (0A) version_name=R9s_11_A.14_161126 (0A) wipe=0 ``` |

    ## Data
  11. wfjsw revised this gist Apr 29, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -27,4 +27,4 @@ An ordinary OZIP file is constructed with following schema:
    The Data section contains an ordinary encrypted zip file.

    ### Encryption
    1. From `offset:00000000` , for every `offset+:00004010` , the following 16 bytes is encrypted by AES-???-ECB *(key unknown)*
    1. From `offset:00000000` , for every `offset+:00004010` , the following 16 bytes is encrypted by AES-???-ECB *(key unknown)* (should be 256 here)
  12. wfjsw revised this gist Apr 29, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion help-wanted.md
    View file
    Original file line number Diff line number Diff line change
    @@ -1,5 +1,5 @@
    # Help-Wanted

    1. Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )
    2. Extract the Key & IV
    2. Extract the Key & IV (there is `/res/keys` but in doubt)
    3. Implement external decryptor
  13. wfjsw revised this gist Apr 29, 2017. 1 changed file with 5 additions and 0 deletions.
    5 changes: 5 additions & 0 deletions help-wanted.md
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,5 @@
    # Help-Wanted

    1. Find out the exact encryption algorithm used by `aes_decrypt` (hint: use IDA Pro against `/sbin/recovery` )
    2. Extract the Key & IV
    3. Implement external decryptor
  14. wfjsw revised this gist Apr 29, 2017. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions keys
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1 @@
    v2 {64,0x21f1e7df,{3030871009,2842029203,1929385157,2419016909,3454985444,2486397662,1360059226,853154771,2873759498,2578644392,1582363043,2685416563,3237255012,3594113390,3878175413,282122635,1845705519,1195060747,760266334,140201540,4118401149,2725441178,2470396251,397495803,1322468134,1871363886,498664064,3153971293,599614159,634620673,1127330002,3670500566,198457062,533426947,3290460683,3422699966,1020281669,2255583709,3683804111,746035459,265158054,1304378763,4267412360,2890052389,106413499,2907980922,3972144378,4205869343,2786459372,3001399179,3489341285,3835879666,2129799349,826756855,2704418538,612286472,1589179455,1356403430,828528331,696665454,3419204559,216198987,2302499813,3213534307},{1838615475,330594015,2745287708,1718207388,4033826842,4286413672,90632729,1960271026,1308804442,2976112877,1042325945,4245894705,4186410531,3587683325,1966058381,480280129,2924388259,2594871575,2472211682,2078811536,985248642,1197325012,3406034336,522553429,2835719301,1651786156,1725089536,1248010008,3787939026,2865666383,2582425002,147682539,151142165,2562728940,3544254365,4206323572,4186296689,355557828,2056962021,1859056201,292705186,3191596100,1022716305,2617287658,538610595,350065096,2241755361,855919095,1206358961,1386705353,1147115145,1488298227,263843590,1973005069,1811035954,3178646117,1961330788,4159009647,1167398822,1701538246,1463902700,1702722051,4111618202,1727630027}}
  15. wfjsw revised this gist Apr 29, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -27,4 +27,4 @@ An ordinary OZIP file is constructed with following schema:
    The Data section contains an ordinary encrypted zip file.

    ### Encryption
    1. From `offset:00000000` , for every `offset+:00004010` , the following 16 bytes is encrypted by *unknown algorithm*
    1. From `offset:00000000` , for every `offset+:00004010` , the following 16 bytes is encrypted by AES-???-ECB *(key unknown)*
  16. wfjsw revised this gist Apr 28, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -17,7 +17,7 @@ An ordinary OZIP file is constructed with following schema:
    |--------|---------|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
    | 0 | 16 | header | Always contain `OPPOENCRYPT! (00) (00) (00) (00)` (by vendor) |
    | 17 | 16 | decompressed size | in bytes (suffix (00)) |
    | 33 | 48 | hash | SHA1 of the decrypted data |
    | 33 | 48 | hash | SHA1 of the decrypted data (40 bytes) |
    | 81 | variant | recovery instruction | Example: ``` ota-id=R9s_11.A.14_014_201611261040 (0A) ota_version=R9s_11.A.14_014_201611261040 (0A) patch_type=1 (0A) post-timestamp=1480130654 (0A) version_name=R9s_11_A.14_161126 (0A) wipe=0 ``` |

    ## Data
  17. wfjsw revised this gist Apr 28, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -17,7 +17,7 @@ An ordinary OZIP file is constructed with following schema:
    |--------|---------|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
    | 0 | 16 | header | Always contain `OPPOENCRYPT! (00) (00) (00) (00)` (by vendor) |
    | 17 | 16 | decompressed size | in bytes (suffix (00)) |
    | 33 | 48 | hash | *unknown type* ( 40 byte hash + 8 byte (00) ) (it contains SHA1, but no idea whether extra data is present) |
    | 33 | 48 | hash | SHA1 of the decrypted data |
    | 81 | variant | recovery instruction | Example: ``` ota-id=R9s_11.A.14_014_201611261040 (0A) ota_version=R9s_11.A.14_014_201611261040 (0A) patch_type=1 (0A) post-timestamp=1480130654 (0A) version_name=R9s_11_A.14_161126 (0A) wipe=0 ``` |

    ## Data
  18. wfjsw revised this gist Apr 28, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -17,7 +17,7 @@ An ordinary OZIP file is constructed with following schema:
    |--------|---------|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
    | 0 | 16 | header | Always contain `OPPOENCRYPT! (00) (00) (00) (00)` (by vendor) |
    | 17 | 16 | decompressed size | in bytes (suffix (00)) |
    | 33 | 48 | hash | *unknown type* ( 40 byte hash + 8 byte (00) |
    | 33 | 48 | hash | *unknown type* ( 40 byte hash + 8 byte (00) ) (it contains SHA1, but no idea whether extra data is present) |
    | 81 | variant | recovery instruction | Example: ``` ota-id=R9s_11.A.14_014_201611261040 (0A) ota_version=R9s_11.A.14_014_201611261040 (0A) patch_type=1 (0A) post-timestamp=1480130654 (0A) version_name=R9s_11_A.14_161126 (0A) wipe=0 ``` |

    ## Data
  19. wfjsw revised this gist Apr 23, 2017. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -23,6 +23,7 @@ An ordinary OZIP file is constructed with following schema:
    ## Data

    > (The following offset have meta-header stripped)
    The Data section contains an ordinary encrypted zip file.

    ### Encryption
  20. wfjsw revised this gist Apr 23, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -22,7 +22,7 @@ An ordinary OZIP file is constructed with following schema:

    ## Data

    (The following offset have meta-header stripped)
    > (The following offset have meta-header stripped)
    The Data section contains an ordinary encrypted zip file.

    ### Encryption
  21. wfjsw revised this gist Apr 23, 2017. 1 changed file with 3 additions and 2 deletions.
    5 changes: 3 additions & 2 deletions ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -23,6 +23,7 @@ An ordinary OZIP file is constructed with following schema:
    ## Data

    (The following offset have meta-header stripped)
    The Data section contains an ordinary zip file, which is encrypted by
    The Data section contains an ordinary encrypted zip file.

    1. from offset:00000000, for every offset+:00004010, the following 16 bytes is encrypted by *unknown algorithm*
    ### Encryption
    1. From `offset:00000000` , for every `offset+:00004010` , the following 16 bytes is encrypted by *unknown algorithm*
  22. wfjsw revised this gist Apr 23, 2017. 1 changed file with 10 additions and 3 deletions.
    13 changes: 10 additions & 3 deletions ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -16,6 +16,13 @@ An ordinary OZIP file is constructed with following schema:
    | offset | size | type | description |
    |--------|---------|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
    | 0 | 16 | header | Always contain `OPPOENCRYPT! (00) (00) (00) (00)` (by vendor) |
    | 17 | 16 | decompressed size | in bytes |
    | 33 | 48 | hash | *unknown type* |
    | 81 | variant | recovery instruction | Example: ``` ota-id=R9s_11.A.14_014_201611261040 (0A) ota_version=R9s_11.A.14_014_201611261040 (0A) patch_type=1 (0A) post-timestamp=1480130654 (0A) version_name=R9s_11_A.14_161126 (0A) wipe=0 ``` |
    | 17 | 16 | decompressed size | in bytes (suffix (00)) |
    | 33 | 48 | hash | *unknown type* ( 40 byte hash + 8 byte (00) |
    | 81 | variant | recovery instruction | Example: ``` ota-id=R9s_11.A.14_014_201611261040 (0A) ota_version=R9s_11.A.14_014_201611261040 (0A) patch_type=1 (0A) post-timestamp=1480130654 (0A) version_name=R9s_11_A.14_161126 (0A) wipe=0 ``` |

    ## Data

    (The following offset have meta-header stripped)
    The Data section contains an ordinary zip file, which is encrypted by

    1. from offset:00000000, for every offset+:00004010, the following 16 bytes is encrypted by *unknown algorithm*
  23. wfjsw revised this gist Apr 23, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -18,4 +18,4 @@ An ordinary OZIP file is constructed with following schema:
    | 0 | 16 | header | Always contain `OPPOENCRYPT! (00) (00) (00) (00)` (by vendor) |
    | 17 | 16 | decompressed size | in bytes |
    | 33 | 48 | hash | *unknown type* |
    | 81 | variant | recovery instruction | Example: ``` ota-id=R9s_11.A.14_014_201611261040ota_version=R9s_11.A.14_014_201611261040patch_type=1post-timestamp=1480130654version_name=R9s_11_A.14_161126wipe=0 ``` |
    | 81 | variant | recovery instruction | Example: ``` ota-id=R9s_11.A.14_014_201611261040 (0A) ota_version=R9s_11.A.14_014_201611261040 (0A) patch_type=1 (0A) post-timestamp=1480130654 (0A) version_name=R9s_11_A.14_161126 (0A) wipe=0 ``` |
  24. wfjsw revised this gist Apr 23, 2017. 1 changed file with 4 additions and 4 deletions.
    8 changes: 4 additions & 4 deletions ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -6,10 +6,10 @@ An ordinary OZIP file is constructed with following schema:

    ### Overall

    | offset | size | type | description |
    |--------|------|--------|--------------------------------|
    | 0 | 4176 | header | See [Meta header](#meta-header |
    | 4177 | rest | Data | encrypted zip |
    | offset | size | type | description |
    |--------|------|--------|---------------------------------|
    | 0 | 4176 | header | See [Meta header](#meta-header) |
    | 4177 | rest | Data | encrypted zip |

    ### Meta header

  25. wfjsw revised this gist Apr 23, 2017. 1 changed file with 4 additions and 4 deletions.
    8 changes: 4 additions & 4 deletions ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -6,10 +6,10 @@ An ordinary OZIP file is constructed with following schema:

    ### Overall

    | offset | size | type | description |
    |--------|------|--------|-------------------|
    | 0 | 4176 | header | See [Meta header] |
    | 4177 | rest | Data | encrypted zip |
    | offset | size | type | description |
    |--------|------|--------|--------------------------------|
    | 0 | 4176 | header | See [Meta header](#meta-header |
    | 4177 | rest | Data | encrypted zip |

    ### Meta header

  26. wfjsw created this gist Apr 23, 2017.
    21 changes: 21 additions & 0 deletions ozip.md
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,21 @@
    # OPPOENCRYPT OZIP Specs

    ## Schema

    An ordinary OZIP file is constructed with following schema:

    ### Overall

    | offset | size | type | description |
    |--------|------|--------|-------------------|
    | 0 | 4176 | header | See [Meta header] |
    | 4177 | rest | Data | encrypted zip |

    ### Meta header

    | offset | size | type | description |
    |--------|---------|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
    | 0 | 16 | header | Always contain `OPPOENCRYPT! (00) (00) (00) (00)` (by vendor) |
    | 17 | 16 | decompressed size | in bytes |
    | 33 | 48 | hash | *unknown type* |
    | 81 | variant | recovery instruction | Example: ``` ota-id=R9s_11.A.14_014_201611261040ota_version=R9s_11.A.14_014_201611261040patch_type=1post-timestamp=1480130654version_name=R9s_11_A.14_161126wipe=0 ``` |