Old 10-07-2012, 11:00 AM   #31
ebmr
Quote:
Originally Posted by Shark69 View Post
Russian people are shaking the device again.

Another Russian guy, Garyn, has just achieved a dump of the whole firm...
for the information. Let's hope that this will help to gain root access on the T2.
Old 10-07-2012, 11:27 AM   #32
m3l7d0wN
fantastic!
Old 10-07-2012, 12:50 PM   #33
ebmr
According to the T2 NAND dump the encryption key and the RSA private key both are identical to the T1?!
Old 10-07-2012, 02:10 PM   #34
ebmr
The dump contains the necessary information to create our own (update) *.package files, as well as the information on what is required for an update.img on the SD card. So root access and rooting should be easily possible!

Garyn, we owe you!

Last edited by ebmr; 10-07-2012 at 04:57 PM. Reason: cheered too soon
Old 10-07-2012, 02:45 PM   #35
Shark69
As Russian downloads fail sometimes, I've uploaded to another server:

T2_NAND_dump_1.0.03.09110
http://uploaded.net/file/4yj8c1i8

T2_FS_1.0.03.09110
http://uploaded.net/file/zysjeng4
Old 10-07-2012, 02:51 PM   #36
Shark69
Quote:
Originally Posted by ebmr View Post
According to the T2 NAND dump the encryption key and the RSA private key both are identical to the T1?!
Are you asking or telling us both keys are identical?
Old 10-07-2012, 03:02 PM   #37
ebmr
Quote:
Originally Posted by Shark69 View Post
Are you asking or telling us both keys are identical?
Telling. (I should have switched ? and ! in my posting.)

I was surprised that Sony didn't change them, but that they didn't work with porkupan's tools for the T1. (Sony changed something with the (update) *.packages as I know now after having a look in Garyn's files.)
Old 10-07-2012, 03:56 PM   #38
porkupan
The updates are signed by Sony's private key, which may be identical to the one in the Russian T1, but it doesn't matter as we don't know what it is... Keep looking, but I don't think the update mechanism is going to be available to us this time around.

There is another private key in Info, which has always been used to verify the integrity of the updates, but it is not what we need to sign the update packages...
Old 10-07-2012, 04:07 PM   #39
ebmr
Well, how did you manage to create the PRS-T1 Updater.package in your minimal-root then?
Old 10-07-2012, 04:22 PM   #40
porkupan
The updates were not signed until the PRS-G1 and PRS-T1/RU were introduced. In the PRS-T1/US and PRS-T1/JP the updates were unsigned. We managed to find an exploit in the MSC API program on the reader (switcher), which allowed us (for the Russian T1) to overwrite the Recovery Rootfs and Diags Rootfs with the ones that accepted packages signed by my key as well. It also allowed accepting unsigned images for SD boot. However, Sony has closed the hole in switcher in the T2 (amazing that they found the exact problem in their logic, which leads me to believe that they used a code analyzer tool of some sort, or stole my code that has not been published). So, a new exploit is now needed.

Last edited by porkupan; 10-07-2012 at 04:44 PM. Reason: Clarity
Old 10-07-2012, 05:01 PM   #41
ebmr
Damn!

A closer look at the handling of update.img proves you right (of course). The image's sha1 is signed and will be checked in sig_check().
ebmr is offline   Reply With Quote
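The check discussed in the posts above (an RSA signature over the image's SHA-1, verified on the device), as an added example that is not part of the thread and not Sony's code: the key, the sample image and all function bodies are constructed, and only the name sig_check() comes from the post. It shows that the verifying side stores only the public half of the key, so a modified image or a signature made with any other private exponent is rejected.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes so the block runs
# with the standard library only. Not a secure key, and not Sony's.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public half: all a verifier stores
D = pow(E, -1, (P - 1) * (Q - 1))        # private half: stays with the vendor
K = (N.bit_length() + 7) // 8            # modulus length in bytes

# DER prefix of DigestInfo for SHA-1 (PKCS#1 v1.5, RFC 8017 section 9.2).
# SHA-1 is used because the post names it; new designs use SHA-256.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def encode_digest(image: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo(SHA-1(image))."""
    t = SHA1_PREFIX + hashlib.sha1(image).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(image: bytes, d: int = D) -> bytes:
    """Vendor side: producing a signature needs the private exponent."""
    m = int.from_bytes(encode_digest(image), "big")
    return pow(m, d, N).to_bytes(K, "big")

def sig_check(image: bytes, signature: bytes) -> bool:
    """Device side: uses only (N, E) and compares the whole encoded block,
    padding included, rather than just the trailing hash bytes."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    return pow(s, E, N).to_bytes(K, "big") == encode_digest(image)

def demo():
    image = b"constructed update.img contents"   # sample input, not firmware
    good = sign(image)
    other = sign(image, d=D + 2)   # signer without the matching private key
    return (sig_check(image, good),              # genuine image and signature
            sig_check(image + b"\x00", good),    # image changed after signing
            sig_check(image, other))             # signed with the wrong key

if __name__ == "__main__":
    print(demo())
```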
Old 10-07-2012, 06:20 PM   #42
m3l7d0wN
deleted message

Last edited by m3l7d0wN; 10-07-2012 at 06:23 PM.
Old 10-08-2012, 02:02 AM   #43
rkomar
So, what is it that they are working so hard to protect? Dictionaries? I wonder why keeping root access from users is such a high priority?
Old 10-08-2012, 06:06 AM   #44
m3l7d0wN
At least we have the reader apks of the T2. I have to try them on my T1.
Old 10-08-2012, 06:07 AM   #45
redneck eyeball
They have now progressed even further. The T2 is hacked!!!

Still too early for a public release, but it's on its way.