Hovatek Forum DEVELOPMENT Android [Please help] Difficulties at creation of signed vmeta

[Please help] Difficulties at creation of signed vmeta

[Please help] Difficulties at creation of signed vmeta

Pages (2): 1 2 Next
LucasBS
LucasBS
LucasBS
Enthusiastic Member
12
23-07-2023, 08:53 PM
#1



Hello

I'm trying to follow this signing tutorial, but it's poorly detailed.

This part, in specific:
Code:

python avbtool make_vbmeta_image --key rsa4096_vbmeta.pem --algorithm SHA256_RSA4096 --flag 2 --chain_partition boot:1:keys/key_boot.bin --chain_partition system:3:keys/key_system.bin --chain_partition vendor:4:keys/key_vendor.bin --chain_partition product:10:keys/key_product.bin --chain_partition dtbo:9:keys/key_dtbo.bin --chain_partition recovery:2:keys/hovatek.bin --chain_partition l_modem:5:keys/key_l_modem.bin --chain_partition l_ldsp:6:keys/key_l_ldsp.bin --chain_partition l_gdsp:7:keys/key_l_gdsp.bin --chain_partition pm_sys:8:keys/key_pm_sys.bin --chain_partition dtb:11:keys/key_dtb.bin --padding_size 16384 --output vbmeta-sign-custom.img

Returns this:
Code:

Traceback (most recent call last):
  File "/AVB/avbtoolp3.py", line 4935, in <module>
    tool.run(sys.argv)
  File "/AVB/avbtoolp3.py", line 4739, in run
    args.func(args)
  File "/AVB/avbtoolp3.py", line 4765, in make_vbmeta_image
    self.avb.make_vbmeta_image(args.output, args.chain_partition,
  File "/AVB/avbtoolp3.py", line 2971, in make_vbmeta_image
    vbmeta_blob = self._generate_vbmeta_blob(
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/media/lucas/Porcarias/Temp/TempPad/AVB/avbtoolp3.py", line 3076, in _generate_vbmeta_blob
    with open(file_path, 'rb') as f:
        ^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: 'keys/key_boot.bin'


What boggles my mind is how this code worked on the tutorial (at least I don't see any mention of this error).

The intention of the author was to patch only the recovery (and that was the only written breadcrumb), but it doesn't say that I have to replace that keys/hovatec.bin to achieve that: I had to eyeball the code to figure how the intention was translated into a working code.

That didn't take less than an hour.

Following up, I realized there was indeed no key_boot.bin on the keys folder. Nor any .bin for the other relative references.

I only want to flash boot for now, and leave the others untouched. So, assuming that the others have to remain signed with the original keys from the .pac (vbmeta-sign.img) to achieve that untouchness (all of this is also a conjecture I'm forced to guess), I proceeded to this code:

Code:

python3 avbtoolp3.py make_vbmeta_image --key rsa4096_vbmeta.pem --algorithm SHA256_RSA4096 --flag 2 --chain_partition boot:1:keys/rsa4096_vbmeta.bin --chain_partition system:3:keys/vbmeta-sign.img --chain_partition vendor:4:keys/vbmeta-sign.img --chain_partition product:10:keys/vbmeta-sign.img --chain_partition dtbo:9:keys/vbmeta-sign.img --chain_partition recovery:2:keys/vbmeta-sign.img --chain_partition l_modem:5:keys/vbmeta-sign.img --chain_partition l_ldsp:6:keys/vbmeta-sign.img --chain_partition l_gdsp:7:keys/vbmeta-sign.img --chain_partition pm_sys:8:keys/vbmeta-sign.img --chain_partition dtb:11:keys/vbmeta-sign.img --padding_size 16384 --output vbmeta-sign-mod.img


But the result is a 10MB vbmeta-sign-custom.img. Very far from the 16kB file from the tutorial

What am I doing wrong ?

Thank you ahead

--------------------------------------------------------------------------------------------------
As a side question: will I have to sign boot.img later or only patch it with Magisk ?
AutoResponder
AutoResponder
AutoResponder
Verified Account
609
23-07-2023, 08:53 PM
#2
Thank you for reaching out for support. Due to high demand, our free support services may experience some delays in response time. We apologize for any inconvenience this may cause.
Alternatively, we offer private support where you can receive dedicated attention and prompt support. These sessions are designed to provide personalized solutions to your specific needs.
If you are interested in scheduling a private session, please visit https://www.hovatek.com/remote
Gargoyle
Gargoyle
Gargoyle
Contributor
514
25-07-2023, 09:23 AM
#3
You have to extract the keys from vbmeta-sign.img and replace only the one you need.

How to extract public keys from a vbmeta image
https://www.hovatek.com/forum/thread-32667.html

How to use AVBtool and a private key to sign a Unisoc (SPD) image
https://www.hovatek.com/forum/thread-32674.html
This post was last modified: 25-07-2023, 09:25 AM by Gargoyle.
LucasBS
LucasBS
LucasBS
Enthusiastic Member
12
25-07-2023, 11:22 PM
#4
(25-07-2023, 09:23 AM)Gargoyle You have to extract the keys from vbmeta-sign.img and replace only the one you need.

Indeed, I was missing THAT step.
It's right there. The eighth black dot on the list.

Will try now. Thank you.
LucasBS
LucasBS
LucasBS
Enthusiastic Member
12
27-07-2023, 08:20 PM
#5



Hello again !

I found THESE partitions in my vbmeta-sign.img

Code:

Partition Name:          boot
Rollback Index Location: 1
Partition Name:          dtbo
Rollback Index Location: 6
Partition Name:          socko
Rollback Index Location: 11
Partition Name:          odmko
Rollback Index Location: 12
Partition Name:          vbmeta_system
Rollback Index Location: 2
Partition Name:          vbmeta_system_ext
Rollback Index Location: 3
Partition Name:          vbmeta_vendor
Rollback Index Location: 4
Partition Name:          vbmeta_product
Rollback Index Location: 5
Partition Name:          l_modem
Rollback Index Location: 7
Partition Name:          l_ldsp
Rollback Index Location: 8
Partition Name:          l_gdsp
Rollback Index Location: 9
Partition Name:          pm_sys
Rollback Index Location: 10

But they don't match with this command:

Code:

python avbtool make_vbmeta_image --key rsa4096_vbmeta.pem --algorithm SHA256_RSA4096 --flag 2

--chain_partition boot:1:keys/key_boot.bin
--chain_partition system:3:keys/key_system.bin
--chain_partition vendor:4:keys/key_vendor.bin
--chain_partition product:10:keys/key_product.bin
--chain_partition dtbo:9:keys/key_dtbo.bin
--chain_partition recovery:2:keys/hovatek.bin
--chain_partition l_modem:5:keys/key_l_modem.bin
--chain_partition l_ldsp:6:keys/key_l_ldsp.bin
--chain_partition l_gdsp:7:keys/key_l_gdsp.bin
--chain_partition pm_sys:8:keys/key_pm_sys.bin
--chain_partition dtb:11:keys/key_dtb.bin

--padding_size 16384 --output vbmeta-sign-custom.img

Especially that socko or odmko, or vbmeta_system_ext...

Any idea which one goes where ?
And what are those numbers in front of every keys/partition.bin ?

Thank you ahead for any info.
This post was last modified: 27-07-2023, 08:21 PM by LucasBS. Edit Reason: Weird excessive space above
Gargoyle
Gargoyle
Gargoyle
Contributor
514
27-07-2023, 11:38 PM
#6
You have to modify the command according to your vbmeta-sign.img

--chain_partition boot:1:keys/key_boot.bin
--chain_partition dtbo:6:keys/key_dtbo.bin

etc
This post was last modified: 27-07-2023, 11:40 PM by Gargoyle.
LucasBS
LucasBS
LucasBS
Enthusiastic Member
12
28-07-2023, 03:54 PM
#7
Thank you for the reply.

I abandoned the partitions from the tutorial and replaced with mine, in order, also adopting the numbers after Rollback Index.

I don't know if you have any power on this forum, but if you have, please update that tutorial, because I'm starting to see I'm not the only person asking the same thing over and over. For instance.

I also see some recurring problems and people making the same mistakes. That could be addressed beforehand on that tutorial.
LucasBS
LucasBS
LucasBS
Enthusiastic Member
12
28-07-2023, 07:02 PM
#8
I thank you again Gargoyle/Hovatek for the attention shared here, but this little quest is far from over...

I patched everything, BUT IT DOESN´T WORK:
For a brief second or two, the tablet displays the logo picture, and the message on top saying that the bootloader is unlocked. THEN IT TURNS OFF.

What I did so far:

1 - Stole boot.img and vbmeta_sign.img from the .pac, and extracted useful information from them;

2a - From the untouched vbmeta_sign.img I extracted the many 408-length keys, according to this tutorial.
2b - Created rsa4096_vbmeta.bin, using the rsa4096_vbmeta.pem;
2c - Created the vbmeta_custom.img using the rsa4096_vbmeta.bin and the 408-length keys (in the right order). I only used rsa4096_vbmeta.bin. on the Boot partition.
2d - Padded the resulting vbmeta_custom.img, all according to the information from the info_image and HxD.

3a - The virgin boot.img I patched with Magisk;
3b - Signed the patched boot.img with the rsa4096_vbmeta.pem, according to this tutorial;

4a - fastboot flash vbmeta vbmeta_custom.img
OK
4b - fastboot flash boot boot.img
OK


I even tried to sign the virgin boot.img, that was not touched by Magisk. It doesn´t work either, leading me to believe the signing is to blame...

Any way I can diagnose the cause ?


A few stuff that might help:

vbmeta_custom:
Code:

Minimum libavb version:   1.0
Header Block:             256 bytes
Authentication Block:     576 bytes
Auxiliary Block:          14720 bytes
Public key (sha1):        2597c218aae470a130f61162feaae70afd97f011
Algorithm:                SHA256_RSA4096
Rollback Index:           0
Flags:                    2
Rollback Index Location:  0
Release String:           'avbtool 1.2.0'
Descriptors:
    Chain Partition descriptor:
      Partition Name:          boot
      Rollback Index Location: 1
      Public key (sha1):       2597c218aae470a130f61162feaae70afd97f011
    Chain Partition descriptor:
      Partition Name:          dtbo
      Rollback Index Location: 6
      Public key (sha1):       ea410c1b46cdb2e40e526880ff383f083bd615d5
    Chain Partition descriptor:
      Partition Name:          socko
      Rollback Index Location: 11
      Public key (sha1):       bc688cacacd959cfaafbf0549d080d6fc2d50a08
    Chain Partition descriptor:
      Partition Name:          odmko
      Rollback Index Location: 12
      Public key (sha1):       425215859f49f31809f16491c2a67e04df79baaf
    Chain Partition descriptor:
      Partition Name:          vbmeta_system
      Rollback Index Location: 2
      Public key (sha1):       e2c66ff8a1d787d7bf898711187bff150f691d27
    Chain Partition descriptor:
      Partition Name:          vbmeta_system_ext
      Rollback Index Location: 3
      Public key (sha1):       f204332ee2d0bec13ea120b73c5adcf7866bf889
    Chain Partition descriptor:
      Partition Name:          vbmeta_vendor
      Rollback Index Location: 4
      Public key (sha1):       9885bf5bf909e5208dfd42abaf51ad9b104ee117
    Chain Partition descriptor:
      Partition Name:          vbmeta_product
      Rollback Index Location: 5
      Public key (sha1):       766a95798206f6e980e42414e3cb658617c27daf
    Chain Partition descriptor:
      Partition Name:          l_modem
      Rollback Index Location: 7
      Public key (sha1):       e93e7d91ba1a46b81a5f15129b4dc5769bf41f26
    Chain Partition descriptor:
      Partition Name:          l_ldsp
      Rollback Index Location: 8
      Public key (sha1):       e93e7d91ba1a46b81a5f15129b4dc5769bf41f26
    Chain Partition descriptor:
      Partition Name:          l_gdsp
      Rollback Index Location: 9
      Public key (sha1):       e93e7d91ba1a46b81a5f15129b4dc5769bf41f26
    Chain Partition descriptor:
      Partition Name:          pm_sys
      Rollback Index Location: 10
      Public key (sha1):       e93e7d91ba1a46b81a5f15129b4dc5769bf41f26

Original boot:
Code:

Footer version:           1.0
Image size:               67108864 bytes
Original image size:      28712960 bytes
VBMeta offset:            28712960
VBMeta size:              2304 bytes
--
Minimum libavb version:   1.0
Header Block:             256 bytes
Authentication Block:     576 bytes
Auxiliary Block:          1472 bytes
Public key (sha1):        ea410c1b46cdb2e40e526880ff383f083bd615d5
Algorithm:                SHA256_RSA4096
Rollback Index:           0
Flags:                    0
Rollback Index Location:  0
Release String:           'avbtool 1.1.0'
Descriptors:
    Hash descriptor:
      Image Size:            28712960 bytes
      Hash Algorithm:        sha256
      Partition Name:        boot
      Salt:                  86590b4df8557402ea2adb9993bd3e9e3bd74c1ddb61b82fac901caa8121c179
      Digest:                ec7b274a35dd02fe916a1d4a9d550f3cb4fc648ffe0ec18b9256da89753c97b9
      Flags:                 0
    Prop: com.android.build.boot.fingerprint -> 'CTRONIQ/CTRONIQ-SNOOK-X10L/CTRONIQ-SNOOK-X10L:11/RP1A.201005.001/20211112:user/release-keys'
    Prop: com.android.build.boot.os_version -> '11'

Signed boot:
Code:

Footer version:           1.0
Image size:               67108864 bytes
Original image size:      28712960 bytes
VBMeta offset:            28712960
VBMeta size:              2112 bytes
--
Minimum libavb version:   1.0
Header Block:             256 bytes
Authentication Block:     576 bytes
Auxiliary Block:          1280 bytes
Public key (sha1):        2597c218aae470a130f61162feaae70afd97f011
Algorithm:                SHA256_RSA4096
Rollback Index:           0
Flags:                    0
Rollback Index Location:  0
Release String:           'avbtool 1.2.0'
Descriptors:
    Hash descriptor:
      Image Size:            28712960 bytes
      Hash Algorithm:        sha256
      Partition Name:        boot
      Salt:                  d2ecfa29b44f1a5d0ed10e22c1e8c1897ea35ee5b094fe55952847b2d3aabac7
      Digest:                61d51d599b48a923cb04740c697274fa7c6177956c67cc9154e9c61b0d70156c
      Flags:                 0

Notice that a few lines and values changed between the original and the patched. The key I was expecting to change, but the rest...
This post was last modified: 28-07-2023, 07:09 PM by LucasBS.
Gargoyle
Gargoyle
Gargoyle
Contributor
514
28-07-2023, 07:48 PM
#9
Prop: lines have no effect, but you can add them

--prop com.android.build.boot.fingerprint:CTRONIQ/CTRONIQ-SNOOK-X10L/CTRONIQ-SNOOK-X10L:11/RP1A.201005.001/20211112:user/release-keys
--prop com.android.build.boot.os_version:11
LucasBS
LucasBS
LucasBS
Enthusiastic Member
12
01-08-2023, 01:24 AM
#10
Hello !

1 - I appended those --prop when signing the boot image. As expected, no change;

2 - I also changed the --flag to 2 when signing the boot image. No change either;

3 - I also changed the code used to flash the vbmeta. I was using:

Code:

fastboot flash vbmeta_custom.img

And changed to

Code:

fastboot flash vbmeta --disable-verity --disable-verification vbmeta_custom.img

The only difference now is that the tablet bootloops instead of simply turning off.


Any other suggestion to find out why nothing is working ?
This post was last modified: 01-08-2023, 01:29 AM by LucasBS.
Pages (2): 1 2 Next
Users browsing this thread:
 1 Guest(s)
Users browsing this thread:
 1 Guest(s)
Join us
WhTlYt