Skip to content
/ mkmzupdate Public

Encrypt or decrypt firmware for use with MEIZU devices.

License

GPL-2.0 license
5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

yousong/mkmzupdate

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
aes.c
aes.c
 
 
aes.h
aes.h
 
 
aescrypt.c
aescrypt.c
 
 
aescrypt.h
aescrypt.h
 
 
mkmzupdate.c
mkmzupdate.c
 
 
mkmzupdate.h
mkmzupdate.h
 
 
mzkeys.c
mzkeys.c
 
 
sha256.c
sha256.c
 
 
sha256.h
sha256.h
 
 

Repository files navigation

A glance of usage output

Usage: ./mkmzupdate -m <model> -e|-d [-i FILE] [-o FILE]
Encrypt or decrypt firmware for use with MEIZU devices.

	-m, --model     model name, e.g. mx3, etc.
	-i, --input     input file (defaults to stdin)
	-o, --output    output file (defaults to stdout)
	-e, --encrypt   encrypt image
	-d, --decrypt   decrypt image
	-h, --help      show this help text

Currently supported models: mx3 mx2 mx

Decrypt and encrypt between update.bin and update.zip

./mkmzupdate -d -m mx3 -i MX3.Flyme.OS.4.5.7.1A.bin -o x.zip
./mkmzupdate -e -m mx3 -i x.zip -o x.bin

How update.zip is signed

The following files in the META-INF dicrectory are about verification

MANIFEST.MF					contains base64-encoded sha1/sha256 digest of each file in the zip
CERT.SF						SF is for Signature File
							contains base64-encoded sha1/sha256 digest of MANIFEST.MF and each entry in it
CERT.RSA/CERT.EC			pkcs7-signedData
com/android/otacert			certificate for signature verification

There must exist also a file in /system/etc/security/otacerts.zip the same as com/android/otacert.

To make the OEM firmware accept a customized update.zip, we need to sign the update.zip with our own keys and put the corresponding certificate into /system/etc/security/otacerts.zip. To do this we need to re-mount /system with rw attribute which requires root privileges.

Inspect the content with openssl

openssl x509 -in com/android/otacert -noout -text
# -i for indentation according to depth
openssl asn1parse -in com/android/otacert -i

openssl asn1parse -in CERT.RSA -inform DER -i
# extract certificate from cert.pem.  It should have the same parameters as
# com/android/otacert though possibly differnt checksum
openssl pkcs7 -in CERT.RSA -inform DER -print_certs -out cert.pem

# -noverify disables verification of signers of a signed message
openssl smime -noverify -verify -in CERT.RSA -inform DER -content CERT.SF com/android/otacert

How entries in CERT.SF are generated

# The first 3 lines of CERT.SF contain base64-encoded digest of the whole MANIFEST.MF
#
#	Signature-Version: 1.0
#	Created-By: 1.0 (Android SignApk)
#	SHA1-Digest-Manifest: vBqgtaM2XU2iSXDw/GTFH4vdYBM=
#
# A entry in MANIFEST.MF
s = (
	"Name: custom/3rd-party/apk/Alipay.apk\r\n"
	"SHA1-Digest: 9x4MgXHxkGneHJuHfvLBe+GCdlY=\r\n"
	"\r\n"
)

import hashlib
import base64

s1 = hashlib.sha1()
s1.update(s)
d = s1.digest()
# SHA1-Digest-Manifest: ImJbqdPG1KTXNcTon1SgR4Cl+E0=
print base64.b64encode(d)

Links

Credits

About

Encrypt or decrypt firmware for use with MEIZU devices.

Resources

Readme

License

GPL-2.0 license
Activity

Stars

5 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages