[ot][spam] log: trying to take control of my free government phone

Undiscussed Horrific Abuse, One Victim of Many gmkarl at gmail.com
Tue Jul 19 12:41:50 PDT 2022


the oem command does not work on this phone. i did find at
https://www.xda-developers.com/how-to-discover-hidden-fastboot-commands/
that oem commands are likely sent as strings straight to the device,
and can usually be enumerated by grepping for strings in the boot
loader.

the device has a vbmeta partition, i guess all devices with verified
boot enabled likely do.

i'm a little surprised the boot thing from russia didn't work. i could
ask more at their forum, or ask the dev with the similar device; i
think i'd like to learn a little more about it first. i'm a little
curious about profiling the bootloader to see what it might be.

i could also try to reverse engineer the factory flasher a little, and
see if there are some useful codes or identifying information.

when I connect the phone to the system, it behaves similarly to the
mediatek phone, offering a brief serial interface and relating
commands via it. it actually responds to my 'backyard mediatek
flasher''s handshake, with the same 'READY' exchange protocol. The
output of test.py is this:

Device preloader version: 0x3
hw_code=0x699 unk1=0x0 hw_subcode=0x8a00 hw_version=0xcb00 unk2=0x2 unk3=0x0

These are very similar values to the mediatek situation. It implies
that the two are speaking the same protocol, whatever protocol it is.
The chipsets are both based on arm.
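
The string-grep approach from the XDA article linked above, as an added example that is not part of the original post. It assumes the bootloader partition has already been dumped to a file; the function names and the sample bytes are constructed for illustration.

```python
import re
import sys

# Runs of printable ASCII at least MIN_LEN bytes long, like strings(1).
MIN_LEN = 4
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# A candidate command: the word "oem", one space, then a subcommand token.
OEM_CMD = re.compile(r"\boem [A-Za-z0-9_-]+")


def extract_strings(image: bytes):
    """Yield (offset, text) for each printable ASCII run in the image."""
    for m in PRINTABLE_RUN.finditer(image):
        yield m.start(), m.group().decode("ascii")


def find_oem_commands(image: bytes) -> dict:
    """Map each candidate 'oem <subcommand>' string to its first offset.

    Matches are only candidates: help text and log messages that mention
    an oem command match as well, so check the offsets in a disassembler.
    """
    found = {}
    for offset, text in extract_strings(image):
        for m in OEM_CMD.finditer(text):
            found.setdefault(m.group(), offset + m.start())
    return found


# Constructed sample standing in for a bootloader dump (not real firmware).
SAMPLE = (
    b"\x7fELF\x00\x00"          # 3-char run, below MIN_LEN, skipped
    b"oem unlock\x00"
    b"oem device-info\x00"
    b"\x01\x02getvar:\x00"
    b"oem unlock\x00"           # duplicate, first offset is kept
    b"flashing unlock\x00"      # not an oem command
)

if __name__ == "__main__":
    # Pass a dumped bootloader image as argv[1]; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for cmd, off in sorted(find_oem_commands(data).items(), key=lambda kv: kv[1]):
        print(f"0x{off:08x}  {cmd}")
```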

