Thread: Tutorial How-to: Booting 5.14.1 on KV
View Single Post
Old 12-01-2021, 07:16 PM   #4
katadelos
rm -rf /
katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.
 
Posts: 219
Karma: 3333683
Join Date: Nov 2019
Location: United Kingdom
Device: K5, KT, KT2, KT3, KT4, KV, PW2, PW3, PW4, PW5
Quote:
Originally Posted by NiLuJe View Post
You'd need a patched initrd for that (c.f., @katadelos' previous post on that front ) (and explicitly flag the package with the right key number but our actual JB key, because I don't think the updater even supports the dev key index).

All of that *should* be doable via KindleTool, but, obviously, has never been tested (to my knowledge) .
Pretty much this - once the initrd thing is out of the way, it's not particularly difficult to create a self-signed update that will successfully install. I've tested this in the past but can't find the exact KindleTool args that I used to create the update

I had a look and managed to find the script that I was using to patch recovery-util, it's just a simple find and replace:

Spoiler:
Code:
exponent = [0x01, 0x00, 0x01]

test = [0x00, 0xbc, 0x03, 0x06, 0x30, 0x30, 0x2d, 0x81, 0x82, 0x89, 0xdf, 0xaf, 0xda, 0x24, 0x9d, 0x31, 0x1e, 0xe9, 0x6f, 0x4f, 0xab, 0xb0, 0xc2, 0xb7, 0xb4, 0x42, 0xb9, 0xd0, 0x59, 0x88, 0x51, 0xa3, 0x30, 0xc7, 0xe8, 0xac, 0x2a, 0xbb, 0xec, 0xcd, 0x81, 0x48, 0xfe, 0xfb, 0x61, 0x5d, 0xd7, 0xa0, 0x73, 0x94, 0xbf, 0xa9, 0xb6, 0x61, 0x9e, 0x7e, 0x74, 0x21, 0x88, 0xaa, 0x61, 0x70, 0x10, 0x4d, 0x1d, 0x73, 0xb4, 0x61, 0xe1, 0xc0, 0x45, 0x8d, 0xfa, 0xc6, 0xa8, 0x37, 0x8f, 0x96, 0xc6, 0xbc, 0xe9, 0x36, 0x80, 0xd1, 0x7e, 0xaa, 0xfc, 0x0a, 0xa0, 0x35, 0xe3, 0xf2, 0x39, 0x53, 0x23, 0x35, 0x32, 0x88, 0x4a, 0x7d, 0x35, 0xd9, 0xbb, 0xb8, 0xbf, 0x64, 0x19, 0x75, 0xbd, 0xba, 0x77, 0x35, 0x1e, 0x14, 0x80, 0xd9, 0x7a, 0x71, 0xf3, 0x37, 0x59, 0xb4, 0xb1, 0xa6, 0x64, 0x1d, 0x4c, 0x0d, 0x32, 0xfa, 0x35, 0xbb, 0xb1, 0x4f, 0x86, 0x91, 0x24, 0xc1, 0x93, 0xb6, 0x9d, 0xe4, 0x4c, 0x9d, 0x8b, 0x9e, 0xa8, 0xec, 0xa4, 0x0c, 0x0e, 0x9d, 0x3a, 0x6c, 0x3d, 0xae, 0x2b, 0xb9, 0x95, 0xb3, 0x71, 0xce, 0x2c, 0x6e, 0xaa, 0x9d, 0x75, 0x0e, 0xec, 0x83, 0xe8, 0xcd, 0xac, 0x89, 0xde, 0x27, 0xba, 0x9a, 0x44, 0x7a, 0x7c, 0x33, 0xb1, 0xf9, 0xdb, 0x13, 0xf7, 0xaf, 0x4a, 0xb4, 0x6a, 0x64, 0xc6, 0x9d, 0xcb, 0xb7, 0x0d, 0x28, 0x37, 0xad, 0xad, 0xae, 0x19, 0x27, 0xc8, 0xe4, 0x07, 0x44, 0x93, 0x17, 0xf8, 0x3e, 0x69, 0x07, 0x79, 0x26, 0x81, 0x97, 0x0f, 0x0b, 0x26, 0x7d, 0x1b, 0x98, 0x33, 0xe7, 0xe1, 0xcc, 0x20, 0x18, 0x9f, 0xc3, 0xd8, 0x0e, 0x38, 0x66, 0x14, 0xa5, 0x79, 0x85, 0x8a, 0x00, 0xff, 0xaf, 0x25, 0x36, 0xf8, 0x5b, 0x7e, 0x21, 0x7a, 0xd4, 0x47, 0xd0, 0x5e, 0x82, 0x21]

jailbreak_pub = [0x00, 0xc9, 0x9f, 0x58, 0xd6, 0x53, 0xec, 0x71, 0x56, 0xff, 
                 0xde, 0x44, 0xa7, 0xc2, 0x3d, 0x1f, 0x5e, 0xe3, 0xb9, 0x4f, 
                 0x58, 0xdd, 0xab, 0x1f, 0x7d, 0xf3, 0xf5, 0x06, 0xdf, 0x9e, 
                 0xa9, 0x82, 0xc4, 0x14, 0x4b, 0x3f, 0xa9, 0x8c, 0x8c, 0x6c, 
                 0xba, 0x00, 0xfc, 0xb2, 0x71, 0x05, 0xe0, 0xde, 0x73, 0xe2, 
                 0xe5, 0xf7, 0x1b, 0xef, 0x96, 0xa5, 0x66, 0x8f, 0x8e, 0x87, 
                 0x4d, 0x76, 0x1e, 0x93, 0x1e, 0xf4, 0xb9, 0xe9, 0x78, 0x48, 
                 0x25, 0xa0, 0x87, 0x66, 0xd4, 0x4e, 0x0b, 0x3a, 0xcc, 0xab, 
                 0xcf, 0x89, 0x2d, 0xb5, 0x0b, 0x46, 0x46, 0x5c, 0xc2, 0x12, 
                 0xb9, 0x81, 0x1a, 0xde, 0xbe, 0x70, 0x05, 0x44, 0x57, 0xce, 
                 0xb2, 0xda, 0x98, 0x4e, 0x27, 0x79, 0x8b, 0x93, 0x41, 0x24, 
                 0xf5, 0x44, 0x17, 0x6c, 0x85, 0x1f, 0xae, 0xfc, 0x89, 0x9d, 
                 0x2d, 0x8c, 0x28, 0xb1, 0xb6, 0x71, 0xcc, 0xe3, 0x95]

pubprodkey1_n = [0x00, 0xb1, 0x7e, 0x98, 0x99, 0xd5, 0xd6, 0xdd, 0x48, 0xe8, 
                 0x2b, 0x8a, 0x4a, 0x97, 0x0f, 0xa9, 0x44, 0x49, 0x4a, 0xc3, 
                 0xe6, 0x5e, 0x76, 0x9c, 0xde, 0x74, 0x88, 0xc8, 0x76, 0xbc, 
                 0x37, 0x26, 0x5b, 0xf1, 0x73, 0x90, 0xf0, 0xef, 0xd1, 0xe4, 
                 0x5f, 0xd5, 0xc8, 0xba, 0xc3, 0x78, 0x9f, 0x86, 0x61, 0xf0, 
                 0xa8, 0x32, 0xbd, 0x39, 0x83, 0x67, 0xa3, 0x03, 0xda, 0xa7, 
                 0x35, 0x07, 0x02, 0x21, 0xee, 0x91, 0x78, 0xd6, 0xac, 0xe0, 
                 0xb7, 0x7d, 0x96, 0x33, 0x80, 0x0c, 0x73, 0x20, 0xf3, 0x78, 
                 0x37, 0x25, 0x30, 0xdf, 0xaf, 0x73, 0x14, 0xad, 0x80, 0x00, 
                 0xb6, 0x67, 0x5e, 0x9b, 0x5c, 0xeb, 0xc0, 0xff, 0xc7, 0x1b, 
                 0x59, 0xf7, 0x8a, 0x68, 0xad, 0xff, 0xa4, 0x2e, 0xdc, 0x3f, 
                 0xe2, 0xf1, 0x76, 0x36, 0x11, 0xec, 0x5e, 0xd7, 0x21, 0xae, 
                 0x9b, 0xc8, 0x0f, 0xe2, 0x61, 0x92, 0x8a, 0xfc, 0x31]

pubprodkey2_n = [0x00, 0xb0, 0xf7, 0x4b, 0x8e, 0x06, 0x27, 0x39, 0xf1, 0x69, 
                 0x10, 0x8a, 0xae, 0xc0, 0x3e, 0x58, 0x42, 0x0f, 0xe5, 0xa3, 
                 0x10, 0x09, 0xa1, 0x55, 0x3e, 0x01, 0x06, 0x99, 0xdd, 0x69, 
                 0xbc, 0x6f, 0xbb, 0xb7, 0x95, 0xfd, 0x13, 0x98, 0xa2, 0xff, 
                 0xf1, 0x15, 0xf3, 0xd9, 0x5a, 0xd7, 0x76, 0xb1, 0x46, 0x79, 
                 0xf8, 0x84, 0xc4, 0xce, 0xb4, 0x3c, 0x61, 0x0b, 0x71, 0xa8, 
                 0xda, 0x9e, 0x14, 0x72, 0xd6, 0x52, 0x67, 0xd1, 0x98, 0xcf, 
                 0xfe, 0xcf, 0x44, 0xcf, 0xa1, 0x36, 0x1f, 0x4b, 0x1d, 0x3f, 
                 0x3c, 0xfd, 0x69, 0x4a, 0x26, 0x1e, 0x47, 0x2f, 0x39, 0x64, 
                 0x2e, 0xc7, 0xe3, 0x28, 0x61, 0x12, 0x27, 0xa2, 0x7c, 0x21, 
                 0xb1, 0xf7, 0xf5, 0xc2, 0x63, 0x5d, 0xe6, 0x63, 0xa1, 0xa1, 
                 0xcd, 0x22, 0x33, 0xb7, 0x75, 0xf1, 0x6b, 0x2e, 0x3d, 0xb8, 
                 0xf8, 0x7f, 0x3a, 0x9b, 0xee, 0x19, 0xd9, 0x9d, 0xdc, 0x00, 
                 0x0f, 0x49, 0xa8, 0x2b, 0x68, 0x29, 0x99, 0xe3, 0x81, 0xc8, 
                 0x22, 0x41, 0xfa, 0x8b, 0xc2, 0xef, 0x0d, 0x8d, 0x62, 0x98, 
                 0xc2, 0x5c, 0x71, 0xdd, 0xb0, 0x5c, 0x9a, 0xb5, 0x5e, 0x2b, 
                 0x61, 0xe0, 0x15, 0x4f, 0x4a, 0x54, 0x7d, 0x55, 0xe7, 0x93, 
                 0x31, 0x41, 0x4e, 0x3d, 0xf1, 0xc6, 0xb7, 0x6f, 0x2c, 0xd2, 
                 0x20, 0xa6, 0x5d, 0xfc, 0x2a, 0xa4, 0xfc, 0x50, 0x6b, 0x62, 
                 0xbe, 0x80, 0xf5, 0x22, 0xcc, 0x7f, 0x2a, 0x56, 0xd5, 0x4f, 
                 0xe4, 0x60, 0xe6, 0xae, 0x4a, 0xfd, 0x21, 0xe6, 0x4e, 0x61, 
                 0xa0, 0x8b, 0x18, 0x6a, 0xd3, 0x4f, 0x10, 0xc5, 0x50, 0x49, 
                 0x41, 0xf3, 0xc6, 0x67, 0xae, 0xff, 0x17, 0x85, 0xd5, 0x67, 
                 0x6d, 0x3f, 0xaa, 0x7a, 0x74, 0x0c, 0xaf, 0xef, 0xb7, 0xf0, 
                 0x07, 0xc0, 0xc6, 0x0c, 0x23, 0xe1, 0x02, 0x8b, 0x8d, 0xdf,
                 0x9b, 0x53, 0xeb, 0x1f, 0xd7, 0x76, 0x87]

#pubprodkey1 = bytes(pubprodkey1_n + exponent)
#pubprodkey2 = bytes(pubprodkey2_n + exponent)
#jailbreak_k_2 = bytes(test + exponent)
#jailbreak_k_1 = bytes(jailbreak_pub + exponent)

pubprodkey1 = bytes(pubprodkey1_n)
pubprodkey2 = bytes(pubprodkey2_n)
jailbreak_k_2 = bytes(test)
jailbreak_k_1 = bytes(jailbreak_pub)

with open("recovery-util", 'rb') as original:
    original_bytes = original.read()
    with open("recovery-util-patch", 'wb') as patched:
        print(pubprodkey1 in original_bytes)
        k1 = original_bytes.replace(pubprodkey2, jailbreak_k_2)
        k2 = k1.replace(pubprodkey1, jailbreak_k_1)
        patched.write(k2)
    patched.close()
original.close()
katadelos is offline   Reply With Quote