Showing posts with the label signature. Show all posts

Sunday, 16 March 2014

Fake Motorola update signature to install 4.2.2 topic




The purpose of the thread is three-fold:

1) understand why a phone with 4.4 from the factory (not 4.4.2) cannot be downgraded by RSD Lite or motoboot to 4.2.2 with an exception that says "downgraded security" or similar
2) figure out if there is a way to fake whatever is detected during flashing to make it think it is receiving an upgrade and not a downgrade
3) figure out whether it is possible to modify the system.img from the 4.4 or 4.4.2 update and to inject root on a locked bootloader

Sent from my Nexus 4 using Tapatalk





Saturday, 8 March 2014

A3 signature scan for main table topic




Anyone got the correct signature & mask for Arma3? Currently making an arma3 sigscanner but I don't have the signature & mask for that.

Obviously


Quote:









\xA1\x00\x00\x00\x00\x8B\x40\x20\x81\xEC\x00\x00\x00\x00\x53\x56\x57\x33\xDB\x53\x68\x00\x00\x00\x00\x68\x00\x00\x00\x00\x53\x50\xE8\x00\x00\x00\x00\x8B\xF0

x????xxxxx????xxxxxxx????x????xxx????xx




isn't compatible

Also, any advice on locating the signature & mask is welcome as well, thanks.





Friday, 7 March 2014

My xda signature ? topic




Why doesn't it show my XDA signature?
I had edited it before and saved it, but it doesn't show under my posts!
What is my limiting?!

Edit: Oh! Strange! I think it's solved! When you edit your signature, it shows on the posts you send after that, not on the posts before.

so excuse me guys





Friday, 21 February 2014

[Q] How to Disable Signature Check? topic




Hello everyone, I'd like some help.
Well, I have the following problem: I would like to remove the signature checking on system apps, because I want to modify the manifest.xml.

I've tried everything and I cannot.

Services.jar\com\android\server\pm\PackageManagerService.smali


Code:


.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
    .registers 9
    .param p0, "s1"    # [Landroid/content/pm/Signature;
    .param p1, "s2"    # [Landroid/content/pm/Signature;

    .prologue
    .line 2613
    if-nez p0, :cond_8

    .line 2614
    if-nez p1, :cond_6

    const/4 v6, 0x0

    .line 2633
    :goto_5
    return v6

    .line 2614
    :cond_6
    const/4 v6, -0x1

    goto :goto_5

    .line 2618
    :cond_8
    if-nez p1, :cond_c

    .line 2619
    const/4 v6, -0x2

    goto :goto_5

    .line 2621
    :cond_c
    new-instance v3, Ljava/util/HashSet;

    invoke-direct {v3}, Ljava/util/HashSet;-><init>()V

    .line 2622
    .local v3, "set1":Ljava/util/HashSet;, "Ljava/util/HashSet<Landroid/content/pm/Signature;>;"
    move-object v0, p0

    .local v0, "arr$":[Landroid/content/pm/Signature;
    array-length v2, v0

    .local v2, "len$":I
    const/4 v1, 0x0

    .local v1, "i$":I
    :goto_14
    if-ge v1, v2, :cond_1e

    aget-object v5, v0, v1

    .line 2623
    .local v5, "sig":Landroid/content/pm/Signature;
    invoke-virtual {v3, v5}, Ljava/util/HashSet;->add(Ljava/lang/Object;)Z

    .line 2622
    add-int/lit8 v1, v1, 0x1

    goto :goto_14

    .line 2625
    .end local v5    # "sig":Landroid/content/pm/Signature;
    :cond_1e
    new-instance v4, Ljava/util/HashSet;

    invoke-direct {v4}, Ljava/util/HashSet;-><init>()V

    .line 2626
    .local v4, "set2":Ljava/util/HashSet;, "Ljava/util/HashSet<Landroid/content/pm/Signature;>;"
    move-object v0, p1

    array-length v2, v0

    const/4 v1, 0x0

    :goto_26
    if-ge v1, v2, :cond_30

    aget-object v5, v0, v1

    .line 2627
    .restart local v5    # "sig":Landroid/content/pm/Signature;
    invoke-virtual {v4, v5}, Ljava/util/HashSet;->add(Ljava/lang/Object;)Z

    .line 2626
    add-int/lit8 v1, v1, 0x1

    goto :goto_26

    .line 2630
    .end local v5    # "sig":Landroid/content/pm/Signature;
    :cond_30
    invoke-virtual {v3, v4}, Ljava/util/HashSet;->equals(Ljava/lang/Object;)Z

    move-result v6

    if-eqz v6, :cond_38

    .line 2631
    const/4 v6, 0x0

    goto :goto_5

    .line 2633
    :cond_38
    const/4 v6, -0x3

    goto :goto_5
.end method



Running CM11 [Defy]

I apologize for my english .. :p





Friday, 24 January 2014

[Q] Huawei C8815 not able to Boot "Image Signature Verify Fail" topic




I have a Huawei C8815 and I am facing the following situation.

I installed the stock ROM with the 3 keys method, then I unlocked the network with the networkunlock.bat file.

Later I tried to install one ROM by CWM Recovery and I toggled Signature Verification to OFF.

When I restarted my phone, it showed "Image Signature Verify Fail".

1. My phone is not going to the Recovery Mode menu by Vol+ and Power button.
2. My phone is not going to ADB mode by Vol- and Power button.
In both these situations my phone shows "Image Signature verify fail. Install the image with correct signatures."

3. When I try to install the stock ROM by pressing Vol+ and Vol- and Power button, after step 1, in step 2 it says Update failed.

As per my knowledge, when the network is unlocked the phone will not accept the stock ROM. For relocking the network we have a tool, OFFICIAL FIRMWARE.BAT, but for running the bat file the phone must be loaded in ADB mode. My phone is not loading ADB drivers in any situation.

It is showing only the driver Android Sooner adb interface.

In this driver environment I cannot do any ADB function with my phone.

What to do? I am stuck.

I don't know much about JTAG and all. If anything is possible to do with JTAG or any other method, please guide me in this matter.





Thursday, 23 January 2014

[Release] EyePatch - BattlEye Signature Blocker (PoC) topic




hi,

this is my first (own) release in this section here on UC, so bear with me. :)

since i was completely new to DayZ at all, i was playing around with the BE signatures and those sig scanners etc here at UC, gathering all the information i could find to get started and up to speed.

while playing with those signatures i had an idea and i almost didn't pursue it, because it seemed way too simple and stupid, but since i didn't find any information on that i just tried it anyways.

the result is a simple little tool i called "EyePatch", which is intended to 'block' the BE signature scanning by constantly setting the signature counter to zero.
obviously the signature counts and array don't get self-checked by BE like the rest of the executable code, because it's dynamic anyway i guess.
so to BE it simply looks like there are no signatures.

this is a proof of concept and it works completely external by just setting the counts to zero "extremely often". because of the concurrency there is always a very small chance that BE runs its signature scans EXACTLY in the millisecond before EyePatch resets the counter to zero.
but since the signatures are only transferred and updated every now and then the odds are extremely low.

i just tested it for half an hour or so while having CE attached to DayZ and i even started the detected "PerfectWeaponV2" i talked earlier about for quite some time and nothing happened. so i'm quite positive:



USE AT OWN RISK!
it also uses hardcoded pointers for the 1.206 BE version and blindly writes to them, so make sure the 1.206 version is running before starting EyePatch.
It has to be started after BEClient.dll has been loaded anyways!

Instructions:

Quote:









  • Start DayZ and enter a server

  • Wait for the BE version and GUID messages. Make sure it's the 1.206 version! (IMPORTANT)

  • Start EyePatch and check the output. It should print the number of found signature scans ("FindWindow: 4" etc.)

  • When you can see "setting sig counts to zero" and at least one dot, it's working

  • It may print a dot every time it's detected that the signatures have been overwritten again.






Please also notice: It currently only blocks the signatures it prints the counts out for. Simply because i didn't need / work on them until now. Process3 is missing for example, so are those EBP scans.
But you can use FindWindow programs (Cheat Engine), Process and Module scans and so on. Scripts should also work but i didn't test that.

AGAIN: Use at own risk!

Download: EyePatch - BattlEye Signature Blocker
(written in C# so the source is basically included. it also uses the small runtime obfuscation technique i mentioned in another thread)

0x90