[Tutorial] How to create a custom signed vbmeta.img for Unisoc using AVBtool
[Tutorial] How to create a custom signed vbmeta.img for Unisoc using AVBtool
Follow the steps below to use AVBtool to create a custom signed vbmeta image for Unisoc / Spreadtrum (SPD)
python avbtool extract_public_key --key hovatek.pem --output keys/hovatek.bin
Minimum libavb version: 1.0
Header Block: 256 bytes
Authentication Block: 576 bytes
Auxiliary Block: 13504 bytes
Algorithm: SHA256_RSA4096
Rollback Index: 0
Flags: 0
Release String: 'avbtool 1.1.0'
Descriptors:
Chain Partition descriptor:
Partition Name: boot
Rollback Index Location: 1
Public key (sha1): ea410c1b46cdb2e40e526880ff383f083bd615d5
Chain Partition descriptor:
Partition Name: system
Rollback Index Location: 3
Public key (sha1): e2c66ff8a1d787d7bf898711187bff150f691d27
Chain Partition descriptor:
Partition Name: vendor
Rollback Index Location: 4
Public key (sha1): 9885bf5bf909e5208dfd42abaf51ad9b104ee117
Chain Partition descriptor:
Partition Name: product
Rollback Index Location: 10
Public key (sha1): 766a95798206f6e980e42414e3cb658617c27daf
Chain Partition descriptor:
Partition Name: dtbo
Rollback Index Location: 9
Public key (sha1): ea410c1b46cdb2e40e526880ff383f083bd615d5
Chain Partition descriptor:
Partition Name: recovery
Rollback Index Location: 2
Public key (sha1): d9093b9a181bdb5731b44d60a9f850dc724e2874
Chain Partition descriptor:
Partition Name: l_modem
Rollback Index Location: 5
Public key (sha1): e93e7d91ba1a46b81a5f15129b4dc5769bf41f26
Chain Partition descriptor:
Partition Name: l_ldsp
Rollback Index Location: 6
Public key (sha1): e93e7d91ba1a46b81a5f15129b4dc5769bf41f26
Chain Partition descriptor:
Partition Name: l_gdsp
Rollback Index Location: 7
Public key (sha1): e93e7d91ba1a46b81a5f15129b4dc5769bf41f26
Chain Partition descriptor:
Partition Name: pm_sys
Rollback Index Location: 8
Public key (sha1): e93e7d91ba1a46b81a5f15129b4dc5769bf41f26
Chain Partition descriptor:
Partition Name: dtb
Rollback Index Location: 11
Public key (sha1): ea410c1b46cdb2e40e526880ff383f083bd615d5
python avbtool make_vbmeta_image --key rsa4096_vbmeta.pem --algorithm SHA256_RSA4096 --flag 2 --chain_partition boot:1:keys/key_boot.bin --chain_partition system:3:keys/key_system.bin --chain_partition vendor:4:keys/key_vendor.bin --chain_partition product:10:keys/key_product.bin --chain_partition dtbo:9:keys/key_dtbo.bin --chain_partition recovery:2:keys/hovatek.bin --chain_partition l_modem:5:keys/key_l_modem.bin --chain_partition l_ldsp:6:keys/key_l_ldsp.bin --chain_partition l_gdsp:7:keys/key_l_gdsp.bin --chain_partition pm_sys:8:keys/key_pm_sys.bin --chain_partition dtb:11:keys/key_dtb.bin --padding_size 16384 --output vbmeta-sign-custom.img
--prop com.android.build.vendor.os_version:13
--include_descriptors_from_image product.img
python vbmeta_pad.py
Quote:In this video tutorial, I'll be explaining how to create a custom signed vmbeta image. These are the files you're going to need: the public keys, you can extract these ones from the stock vbmeta, I'll link to a guide on how to do that. I also have my AVBtool. I have my hovatek.pem. Its a private key which I created with OpenSSL, I'll link to that also. I have my rsa.pem which is my key used to sign my vbmeta image. Once you launch terminal as I did while talking, you run this command. this command is to run a check on the stock vbmeta image so I can get the information I need for future commands like the algorithm used and hashes.
Next, I'm going to create a public key using my private key. I'm using hovatek.pem. You can decide to use the rsa.pem as your private key also even though you're using it to sign vbmeta image. When I run this command, its going to create a file named hovatek.bin in the keys folder. This public key is going to be used to sign any partition I intend to flash a custom image to in the future. I'm going to be signing.. I'm going to be flashing to only recovery so I'm going to be signing only the recovery partition using this public key OK? Now, I'm going to run this command. This command is going to create my custom signed vbmeta image.
Now, I'm using the default public keys (extracted) from my stock vbmeta but for recovery, I'm going to replace the public key with my hovatek.bin public key. That means if I want to flash a recovery image to the recovery partition, I'll need to sign that recovery image using the hovatek.pem . I'll link to a guide on how to do that. Now, this command is going to create a vbmeta image which is 16kb. That's because the stock also has a padded size of 16kb but the overall size of stock is 1MB. That's because there's some Checksum that needs to be applied to a certain position. That's what this script is for, vbmeta_pad.py.
So you run this command also and this is going to generate a 1MB file. This is very identical to the stock. I'm going to run a command to see the information about or of this custom vbmeta image. When you compare it to the stock, you're going to see that its very identical; maybe the flag will just be different, which is 2 to disable verity checks and the hash for recovery partition is going to be different. Every other thing is going to be identical to what I have in stock and they're both the same signature.
You're going to need the keys your OEM used to sign your stock vbmeta if not this guide is not going to work. Unisoc uses the same key across, at least so far uses the same key across their models so I have my vbmeta. You can now flash it using fastboot.
(30-05-2020, 10:55 AM)mainframe Thanks for a great indepth guide. I was wondering how can i determine the padding used the stock image? The guide uses a 16k padding because the stock has that aswel, but can i check/verify the padding?
Thanks.
(25-07-2020, 12:06 PM)alim07 created vbmeta according to the instructions on one phone successfully on the other, too, but one of them is not stitched timeout, but on another phone model it is stitched. Both android 9 sc9863a, what is the reason for the assembly? bootlader not unlocked token not working
fastboot flash boot vbmeta_custom.img
(14-08-2020, 04:47 PM)Ejike Dex Hey guys thanks for this amazing site and all the informative resources. I followed your guide and was able to generate a signed vbmeta image .
My question now is, when flashing it via fastboot? is the command below correct or am I mistaking something?
Code:fastboot flash boot vbmeta_custom.img
fastboot flash vbmeta vbmeta_custom.img
(14-08-2020, 07:21 PM)hovatek(14-08-2020, 04:47 PM)Ejike Dex Hey guys thanks for this amazing site and all the informative resources. I followed your guide and was able to generate a signed vbmeta image .
My question now is, when flashing it via fastboot? is the command below correct or am I mistaking something?
Code:fastboot flash boot vbmeta_custom.img
Your command would flash vbmeta to boot partition.
It should be
Code:fastboot flash vbmeta vbmeta_custom.img
(14-08-2020, 10:33 PM)Ejike Dex Thank you very much. I am guessing after this I just have to flash a patched recovery image to the boot partition right? Flashing an Itel S15 running android 9 pie