This repository has been archived by the owner on Aug 18, 2022. It is now read-only.

bruutveal can't decrypt, need new way to decrypt for M8_WL 3.28.605.4 #87

Open
tommyuw7 opened this issue Feb 20, 2015 · 12 comments

@tommyuw7

For HTC M8 (Verizon) 3.28.605.4
0P6BIMG_M8_WL_K444_SENSE60_VZW_MR_VERIZON_WWE_3.28.605.4_HSM_Radio_1.09.20.0926_NV_VZW_2.11_002_release_393779_signed_1.zip

ruu: http://pan.baidu.com/s/1eQ4BGWi password: 51cv
hboot: https://www.androidfilehost.com/?fid=95747613655049353

first
cmd: bruutveal hboot.img rom.zip Key

bruutveal

Large zip format detected containing 7 zipfile(s)
invalid htc aes encrypted zip file!
*** glibc detected *** bruutveal: free(): invalid pointer: 0x00942ff4 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6e0a1)[0x8530a1]
/lib/tls/i686/cmov/libc.so.6(+0x6f8f8)[0x8548f8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x857a6d]
bruutveal[0x8048ddb]
bruutveal[0x8048f74]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x7fbbf6]
bruutveal[0x8048971]

@kmdm
Owner

kmdm commented Feb 20, 2015

Hm, while that definitely looks like a bug, that worked for me:-

$ ./bruutveal 328/hboot_signedbyaa.img 328/rom.zip 328/rom.key
...
Large zip format detected containing 7 zipfile(s)
...
Successful bruutveal run, key written to: 328/rom.key
$ ./ruuveal -K 328/rom.key 328/rom.zip output.zip
...
Large zip format detected containing 7 zipfile(s)
Decrypted RUU (zip) written to: 01_output.zip
Decrypted RUU (zip) written to: 02_output.zip
Decrypted RUU (zip) written to: 03_output.zip
Decrypted RUU (zip) written to: 04_output.zip
Decrypted RUU (zip) written to: 05_output.zip
Decrypted RUU (zip) written to: 06_output.zip
Decrypted RUU (zip) written to: 07_output.zip
$ unzip -l 01_output.zip 
Archive:  01_output.zip
  Length      Date    Time    Name
      118  2014-09-30 04:58   android-info.txt
 45937664  2014-09-30 04:58   radio.img
   177152  2014-09-30 04:58   rcdata.img
  4194304  2014-09-30 04:58   splash1.nb0
   364734  2014-09-29 18:15   tz.img
   194440  2014-09-29 18:15   rpm.img
  9593856  2014-09-29 18:15   adsp.img
  4188160  2014-09-29 18:15   pg2fs_spcustom.img
  1048576  2014-09-30 04:58   rfg_1.img
  1048576  2014-09-30 04:58   rfg_2.img
  4563968  2014-09-29 18:15   wcnss.img
  1008816  2014-09-29 18:21   ramdisk.img
   317042  2014-09-29 18:15   sbl1-1.img
   317042  2014-09-29 18:15   sbl1-2.img
   317042  2014-09-29 18:15   sbl1-3.img
  1572864  2014-09-30 04:58   modem_st1.img
  1572864  2014-09-30 04:58   modem_st2.img
  8388608  2014-09-30 04:58   rconfig.img
   317042  2014-09-29 18:15   sbl1-4.img
    95772  2014-09-29 18:15   tp_SYN3508.img
    95767  2014-09-29 18:15   tp_SYN3528.img
   219762  2014-09-29 18:15   sensor_hub.img
    11770  2014-09-29 18:15   sdi.img
   356872  2014-09-29 18:11   emmc_appsboot.mbn
  4341932  2014-09-29 18:20   persist.img
  2652160  2014-09-29 18:21   dt.img
   356872  2014-09-29 18:15   bootloader
  2096384  2014-09-29 18:25   hboot_signedbyaa.img
 16412928  2014-09-29 18:25   recovery_signed.img
111763087                     29 files
$ cat 328/rom.key | base64
S3PgXkRhza1VePBUcigC90Da3NqDjoyk1cKoY56W4tFAL93Wklk/TZBwCAtRgCIdOas4Um/LzPqR
WYTsp47FzlbHg5BXLlg6J5fT6P+oEhIGPZMRxgpH39yD6B/0+I1d
$ md5sum 328/rom.key 
056715cbd9d9875ece4cfa3f7fed7bde  328/rom.key

@tommyuw7
Author

Can you give me a currently available bruutveal? I want to test.

@kmdm
Owner

kmdm commented Feb 20, 2015

No different to what's pushed to github - just build it :)

@AbelCha0

Hi Kmdm, I decrypted a ROM and found there are 3 system.img files named system_1.img, system_2.img and system_3.img. I just want to know how to merge the 3 files into one system.img file. Thanks.

@kmdm
Owner

kmdm commented Feb 27, 2015

I use cat

@AbelCha0

Hi Kmdm. Thank you very much.

@tommyuw7
Author

I find that when using a new rom.zip, some can't be decrypted.

I upgraded my system to Ubuntu 14.10.
It is OK when I use the older rom.zip to create the key (bruutveal hboot.img rom.zip key is OK),
but when I use the new ROM (3.28.605.4), it fails.
Error message from Ubuntu 14.10 64-bit:
Large zip format detected containing 7 zipfile(s)
invalid htc aes encrypted zip file!
*** Error in `bruutveal': double free or corruption (!prev): 0x0000000002121250 ***
Error message from Ubuntu 9 32-bit:
Large zip format detected containing 7 zipfile(s)
invalid htc aes encrypted zip file!
*** glibc detected *** bruutveal: free(): invalid pointer: 0x00942ff4 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6e0a1)[0x8530a1]
/lib/tls/i686/cmov/libc.so.6(+0x6f8f8)[0x8548f8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x857a6d]
bruutveal[0x8048ddb]
bruutveal[0x8048f74]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x7fbbf6]
bruutveal[0x8048971]

@kmdm
Owner

kmdm commented Feb 28, 2015

I can only look if you provide the rom.zip that breaks. :-)

@kmdm
Owner

kmdm commented Feb 28, 2015

Invalid free() fixed in f493633

@gsmcnteam

There is a type of RUU that is a combined.zip. The first zip is not encrypted, so bruutveal reports an invalid AES key. Just extract the second zip and use bruutveal to get the key and decrypt it.

@coolyberry

If we have a combined RUU.zip, how do we use the second zip to get the key for decrypting it?

@DoomLander

If new RUUs have a larger system.img, it will be split into multiple imgs.
We must combine them prior to flashing.
Copy all imgs to a folder, then...

Use this cmd for Windows:

copy /b system_1.img + system_2.img + system_3.img system.img

Use this cmd for Linux:

cat system_1.img system_2.img system_3.img > system.img
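
The merge step from the comments above (the `cat` answer and the Linux command), as an added example that is not part of the thread or of the ruuveal project. It goes beyond the three-part case: parts are joined by counter so ten or more stay in numeric order, a missing part aborts the merge, and the merged size is checked. The function name `merge_parts` and the `.tmp` scratch file are assumptions made here; the `system_N.img` naming comes from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: join split system_N.img parts.
# merge_parts DIR writes DIR/system.img and prints the number of parts.
merge_parts() {
    dir=$1
    out="$dir/system.img"
    tmp="$out.tmp"          # hypothetical scratch name
    n=1
    expected=0
    : > "$tmp" || return 1

    # Walk the parts by counter, not by glob: a glob sorts system_10.img
    # before system_2.img and would silently scramble the image.
    while [ -f "$dir/system_$n.img" ]; do
        size=$(wc -c < "$dir/system_$n.img")
        expected=$((expected + size))
        cat "$dir/system_$n.img" >> "$tmp" || { rm -f "$tmp"; return 1; }
        n=$((n + 1))
    done
    count=$((n - 1))

    # Every system_*.img present must be in the contiguous run 1..count;
    # a leftover file means a part is missing (1 and 3 but no 2).
    present=0
    for f in "$dir"/system_*.img; do
        if [ -e "$f" ]; then present=$((present + 1)); fi
    done
    if [ "$count" -eq 0 ] || [ "$present" -ne "$count" ]; then
        echo "merge_parts: $present part(s) found, contiguous run is $count" >&2
        rm -f "$tmp"
        return 1
    fi

    # Merged size must equal the sum of the parts (catches a short write).
    actual=$(wc -c < "$tmp")
    if [ "$actual" -ne "$expected" ]; then
        echo "merge_parts: size mismatch ($actual != $expected)" >&2
        rm -f "$tmp"
        return 1
    fi

    mv "$tmp" "$out" && echo "$count"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then merge_parts "$1"; fi
```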
