Possibly Useful Backflip Certificate

This is a discussion on Possibly Useful Backflip Certificate within the Motorola Backflip Development & Hacking forums, part of the Motorola Backflip category; I just extracted this from cefs.mbn which I extracted from the 0.13.35 update SBF using PSAS analyzer software .. It appears to be a valid ...

Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Possibly Useful Backflip Certificate

  1. #1
    Member weasel5i2's Avatar
    Join Date
    May 2010
    Location
    Austin, TX
    Posts
    87

    Possibly Useful Backflip Certificate(s)

    I just extracted this from cefs.mbn which I extracted from the 0.13.35 update SBF using PSAS analyzer software.. It appears to be a valid certificate, but I'm not sure if it's a public key or a private key.. Can anyone make any use of this? When I get home from work, I will try signing a copy of the SuperUser hack update.zip with this cert, and see if the phone will accept it..

    I have a feeling that is probably not going to be useful, but let's not be pessimistic.

    Plus, SkrilaxCZ is getting VERY close to r00ting the Backflip. Much closer than I've been able to get. He understands the internal workings of the Motus hardware much more intimately than I do. My only real experience with Moto stuff has been hacking seem files on ancient TDMA/CDMA handsets up to the V3 series.. This new Android-capable hardware is new to me, but I am definitely learning a lot of new stuff.

    EDIT: It isn't a signing cert. It is a CA cert, establishing a chain of trust. HOWEVER, the next two certs I am posting here ARE Motorola certs, and are unverifiable (I imagine without the chain established by THIS cert, hehe)


    --W5i2
    Attached Files Attached Files

  2. Android.net is the premier Android Forum. Registered users do not see these ads. .

  3. #2
    Member weasel5i2's Avatar
    Join Date
    May 2010
    Location
    Austin, TX
    Posts
    87
    Two certs I extracted from bootsec.mbn. They absolutely do appear to be Motorola certificates. Whether or not they can sign stuff is a different story, the ending of which is to be determined later tonight.

    --W5i2
    Attached Files Attached Files

  4. #3
    Member weasel5i2's Avatar
    Join Date
    May 2010
    Location
    Austin, TX
    Posts
    87
    OK, ignore the previous two attachments. I went ahead and used PSAS to extract all the certs from all of the secured MBN files. Here's what I found:

    Attached file, 0.13.35-all-certs-found.zip:

    • amsssec.mbn-certs(2).zip
    • appsbootsec.mbn-certs(2).zip
    • bootsec.mbn-certs(3).zip
    • cefs.mbn-certs(1).zip
    • oemsblsec.mbn-certs(2).zip
    • qcsblsec.mbn-certs(3).zip
    • recoverysec.mbn-certs(2).zip
    • systemsec.mbn-certs(67!!).zip - 67 certificates found!
    • userdatasec.mbn-certs(2).zip

    I need to compare these files when I get home and see how many of them are copies of the same cert(s).
    Attached Files Attached Files

  5. #4
    Junior Member shiftylock's Avatar
    Join Date
    Jun 2010
    Posts
    15
    Wow... good luck!!! Keep us posted and congrats!!!

  6. #5
    Junior Member mimaketi's Avatar
    Join Date
    Mar 2010
    Posts
    15
    I made a quick perl script (if u want it ill post it) to go through the dirs and diff everything with every other cert. these are the same. (groups are all the same file, newlines denote new group.)


    amsssec.mbn-certs2/2.cer
    appsbootsec.mbn-certs2/2.cer
    bootsec.mbn-certs3/2.cer
    oemsblsec.mbn-certs2/2.cer
    recoverysec.mbn-certs2/2.cer
    systemsec.mbn-certs67/67.cer
    userdatasec.mbn-certs2/2.cer

    appsbootsec.mbn-certs2/1.cer
    bootsec.mbn-certs3/1.cer
    oemsblsec.mbn-certs2/1.cer
    recoverysec.mbn-certs2/1.cer
    systemsec.mbn-certs67/66.cer
    userdatasec.mbn-certs2/1.cer

  7. #6
    Junior Member monday's Avatar
    Join Date
    Jun 2010
    Posts
    14
    So are these the private keys that are needed to root the Backflip?

  8. #7
    Member weasel5i2's Avatar
    Join Date
    May 2010
    Location
    Austin, TX
    Posts
    87
    @Mimaketi: Awesome, thank you for that, saved me some time! This means, however, that the bulk of those 67 certs are unique! I need to do more analysis on them and see if I can't figure out exactly what they are for.

    @monday: Not sure yet.. Maybe! ^_^ Still need to do some experimenting..

    --W5i2

  9. #8
    Junior Member knigitz's Avatar
    Join Date
    Jun 2010
    Posts
    14
    Quote Originally Posted by weasel5i2 View Post
    I just extracted this from cefs.mbn which I extracted from the 0.13.35 update SBF using PSAS analyzer software.. It appears to be a valid certificate, but I'm not sure if it's a public key or a private key.. Can anyone make any use of this? When I get home from work, I will try signing a copy of the SuperUser hack update.zip with this cert, and see if the phone will accept it..

    I have a feeling that is probably not going to be useful, but let's not be pessimistic.

    Plus, SkrilaxCZ is getting VERY close to r00ting the Backflip. Much closer than I've been able to get. He understands the internal workings of the Motus hardware much more intimately than I do. My only real experience with Moto stuff has been hacking seem files on ancient TDMA/CDMA handsets up to the V3 series.. This new Android-capable hardware is new to me, but I am definitely learning a lot of new stuff.

    EDIT: It isn't a signing cert. It is a CA cert, establishing a chain of trust. HOWEVER, the next two certs I am posting here ARE Motorola certs, and are unverifiable (I imagine without the chain established by THIS cert, hehe)


    --W5i2
    It's a class 3 signing cert containing an encrypted public key, thumbprint and thumbprint algorithm.

  10. #9
    Moderator SSeymour's Avatar
    Join Date
    Mar 2010
    Posts
    97
    Ive posted some more CA Certs in this thread if they can be of any use to you,they are available

    http://www.backflipforums.com/forum/...-backflip.html

  11. #10
    Member weasel5i2's Avatar
    Join Date
    May 2010
    Location
    Austin, TX
    Posts
    87
    OK, so it is obvious I know nothing about PKI. :P

    There are no Private Keys, which is what we need. These all appear to be Public Keys, which is not useful. Using openssh, I scanned all the files for useful stuff, which found nothing. Lots of public keys and various CA certs, but not a single private key to be found.

    If, in a PKI usage situation, one were to release the Private keys, the whole point of PKI would be invalid. To have even imagined that the private keys would have been included in the public released images, is just plain silly.

    Sorry for wasting everyone's time re: these certs.

    Still hacking away at the Backflip, though..

    --W5i2

Page 1 of 2 12 LastLast

Remove Ads

http://www.scramblerducati.org/

Sponsored Links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Search tags for this page

certs but that backflip tho

,

change oemsblsec.mbn

,

motorola cefs.mbn

,

systemsec.mbn

Click on a term to search our sites for related topics.
Android Forum