[Tutorial] How to extract public keys from a vbmeta image
[Tutorial] How to extract public keys from a vbmeta image
Follow the steps below to extract public keys from a vbmeta image
search for : 00 00 10 00
search direction : forward
00 00 08 00
or
00 00
Minimum libavb version: 1.0
Header Block: 256 bytes
Authentication Block: 320 bytes
Auxiliary Block: 2432 bytes
Algorithm: SHA256_RSA2048
Rollback Index: 0
Flags: 0
Release String: 'avbtool 1.1.0'
Descriptors:
Chain Partition descriptor:
Partition Name: recovery
Rollback Index Location: 1
Public key (sha1): 0aa0987116fc792f36bc909b0a4d530413f02a54
Chain Partition descriptor:
Partition Name: system
Rollback Index Location: 2
Public key (sha1): fa41159a5d696abdef93176a07d0b0d001263f01
Hashtree descriptor:
Version of dm-verity: 1
Image Size: 299536384 bytes
Tree Offset: 299536384
Tree Size: 2367488 bytes
Data Block Size: 4096 bytes
Hash Block Size: 4096 bytes
FEC num roots: 0
FEC offset: 0
FEC size: 0 bytes
Hash Algorithm: sha1
Partition Name: vendor
Salt: a8e93fa28d41067338c5bee0665a377ff148c048fc64fa5674373324a5a44907
Root Digest: 3f2acb5619b3cfa2feeb972ca8df5670bc3f8876
Flags: 0
Hash descriptor:
Image Size: 32480 bytes
Hash Algorithm: sha256
Partition Name: dtbo
Salt: a8e93fa28d41067338c5bee0665a377ff148c048fc64fa5674373324a5a44907
Digest: c0783c1edff92bf2e9af9ce370b930c245a5c60a047597c7d5a0dbf832943258
Flags: 0
Hash descriptor:
Image Size: 6729728 bytes
Hash Algorithm: sha256
Partition Name: boot
Salt: a8e93fa28d41067338c5bee0665a377ff148c048fc64fa5674373324a5a44907
Digest: 1c0fc132d5903f7a3722ba338438bb5121ed26486789005505a4c40f608c8e55
Flags: 0
(06-09-2020, 06:34 PM)guest765 Hi, the keys I have extracted have wildly different offset numbers except for recovery and system (they are both 208). The verification output is very different from yours too. Am I right in thinking that only the chain partitions need to have the same offset?
TIA
...
(04-12-2020, 06:15 AM)mohamedfaky Hello, i'm trying to extract public keys from my vbmeta but facing some issues.. first the structure of vbmeta is quite weird and different that what expected to be.. i have no problem with that for now, the real issue here is that i can't find another 00 00 08 00 at the end of last partition's public key.. OEM's vbmeta uses SHA256_RSA2048 as encrypting algorithm and i can find only 00 00 08 00 at the beginning of vendor which is the last partition here, so i can't decide where is the end of public key.. i'm trying to get public keys to build a new vbmeta with custom recovery key to be able to use it safely when i relock my bootloader.
(03-05-2021, 04:44 PM)liOnux.fr Thanks a lot for this tuto !
But there are errors in the names of 3 partitions :
Real names are l_gdsp , l_ldsp , l_modem and not gdsp , ldsp , lmodem.
If we use the Hovatek keys, then the flashing is blocked on "writing...". Some forum members have had this problem.
(04-05-2021, 11:13 AM)X3nonExactely, that's why people have to change the names of partitions in the command given here : @ [ Login to download](03-05-2021, 04:44 PM)liOnux.fr Thanks a lot for this tuto !
But there are errors in the names of 3 partitions :
Real names are l_gdsp , l_ldsp , l_modem and not gdsp , ldsp , lmodem.
If we use the Hovatek keys, then the flashing is blocked on "writing...". Some forum members have had this problem.
the file names must not be the exact partition name, anything will work so long as you can tell that file A should be for partition A
(12-03-2020, 11:16 PM)X3non 25. Open the other keys you saved and confirm that they all have the same final offset value (in my case it's 408). If yes then you're all goodWhat to do if the offset value may be other an couple files? I need to delete 00 (empty) value from the top? If i did that than offset value will be 408 (in my case too).