initial code upload
parent
9619d2eb57
commit
665d28976e
@ -0,0 +1,19 @@
|
||||
# evoplus_cid
|
||||
Tool to change the CID on Samsung Evo Plus SD Cards.
|
||||
See http://richard.burtons.org/2016/07/01/changing-the-cid-on-an-sd-card/
|
||||
for more details.
|
||||
|
||||
USE AT OWN RISK!
|
||||
|
||||
Usage: ./evoplus_cid <device> <cid> [serial]
|
||||
device - sd card block device e.g. /dev/block/mmcblk1
|
||||
cid - new cid, must be in hex (without 0x prefix)
|
||||
it can be 32 chars with checksum or 30 chars without, it will
|
||||
be updated with new serial number if supplied, the checksum is
|
||||
always recalculated
|
||||
serial - optional, can be hex (0x prefixed) or decimal
|
||||
and will be applied to the supplied cid before writing
|
||||
|
||||
Based on the reverse engineering and code of Sean Beaupre
|
||||
See: https://github.com/beaups/SamsungCID
|
||||
|
@ -0,0 +1,14 @@
|
||||
LOCAL_PATH := $(call my-dir)
|
||||
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_ARM_MODE := arm
|
||||
APP_ABI := armeabi-v7a
|
||||
APP_PLATFORM := android-18
|
||||
LOCAL_CFLAGS += -fPIE -pie
|
||||
LOCAL_MODULE := evoplus_cid
|
||||
LOCAL_LDFLAGS := -pie
|
||||
|
||||
LOCAL_SRC_FILES := evoplus_cid.c
|
||||
LOCAL_LDLIBS +=
|
||||
include $(BUILD_EXECUTABLE)
|
||||
|
@ -0,0 +1,180 @@
|
||||
#include <stdio.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <fcntl.h>
|
||||
#include <arpa/inet.h>
|
||||
#include "mmc.h"
|
||||
|
||||
#define CID_SIZE 16
|
||||
#define PROGRAM_CID_OPCODE 26
|
||||
#define SAMSUNG_VENDOR_OPCODE 62
|
||||
|
||||
int mmc_movi_vendor_cmd(unsigned int arg, int fd) {
|
||||
int ret = 0;
|
||||
struct mmc_ioc_cmd idata = {0};
|
||||
|
||||
idata.data_timeout_ns = 0x10000000;
|
||||
idata.write_flag = 1;
|
||||
idata.opcode = SAMSUNG_VENDOR_OPCODE;
|
||||
idata.arg = arg;
|
||||
idata.flags = MMC_RSP_R1B | MMC_CMD_AC;
|
||||
|
||||
ret = ioctl(fd, MMC_IOC_CMD, &idata);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int cid_backdoor(int fd) {
|
||||
int ret;
|
||||
|
||||
ret = mmc_movi_vendor_cmd(0xEFAC62EC, fd);
|
||||
if (ret) {
|
||||
printf("Failed to enter vendor mode. Genuine Samsung Evo Plus?\n");
|
||||
} else {
|
||||
ret = mmc_movi_vendor_cmd(0xEF50, fd);
|
||||
if (ret) {
|
||||
printf("Unlock command failed.\n");
|
||||
} else {
|
||||
ret = mmc_movi_vendor_cmd(0x00DECCEE, fd);
|
||||
if (ret) {
|
||||
printf("Failed to exit vendor mode.\n");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int program_cid(int fd, char *cid) {
|
||||
int ret;
|
||||
struct mmc_ioc_cmd idata = {0};
|
||||
|
||||
idata.data_timeout_ns = 0x10000000;
|
||||
idata.write_flag = 1;
|
||||
idata.opcode = PROGRAM_CID_OPCODE;
|
||||
idata.arg = 0;
|
||||
idata.flags = MMC_RSP_SPI_R1 | MMC_RSP_R1 | MMC_CMD_ADTC;
|
||||
idata.blksz = CID_SIZE;
|
||||
idata.blocks = 1;
|
||||
idata.data_ptr = (__u64)(unsigned int)cid;
|
||||
|
||||
ret = ioctl(fd, MMC_IOC_CMD, &idata);
|
||||
if (ret) {
|
||||
printf("Success! Remove and reinsert SD card to check new CID.\n");
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void show_cid(char *cid) {
|
||||
int i;
|
||||
for(i = 0; i < CID_SIZE; i++){
|
||||
printf("%02x", cid[i]);
|
||||
}
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
unsigned char crc7(unsigned char data[], int len) {
|
||||
|
||||
int count;
|
||||
unsigned char crc = 0;
|
||||
|
||||
for (count = 0; count <= len; count++) {
|
||||
unsigned char dat;
|
||||
unsigned char bits;
|
||||
if (count == len) {
|
||||
dat = 0;
|
||||
bits = 7;
|
||||
} else {
|
||||
dat = data[count];
|
||||
bits = 8;
|
||||
}
|
||||
for (; bits > 0; bits--) {
|
||||
crc = (crc << 1) + ( (dat & 0x80) ? 1 : 0 );
|
||||
if (crc & 0x80) crc ^= 0x09;
|
||||
dat <<= 1;
|
||||
}
|
||||
crc &= 0x7f;
|
||||
}
|
||||
|
||||
return ((crc << 1) + 1);
|
||||
}
|
||||
|
||||
int parse_serial(const char *str) {
|
||||
|
||||
long val;
|
||||
|
||||
// accept decimal or hex, but not octal
|
||||
if ((strlen(str) > 2) && (str[0] == '0') &&
|
||||
(((str[1] == 'x')) || ((str[1] == 'X')))) {
|
||||
val = strtol(str, NULL, 16);
|
||||
} else {
|
||||
val = strtol(str, NULL, 10);
|
||||
}
|
||||
|
||||
return (int)val;
|
||||
}
|
||||
|
||||
void main(int argc, const char **argv) {
|
||||
int fd, ret, i, len;
|
||||
char cid[CID_SIZE] = {0};
|
||||
|
||||
if(argc != 3 && argc != 4) {
|
||||
printf("Usage: ./evoplus_cid <device> <cid> [serial]\n");
|
||||
printf("device - sd card block device e.g. /dev/block/mmcblk1\n");
|
||||
printf("cid - new cid, must be in hex (without 0x prefix)\n");
|
||||
printf(" it can be 32 chars with checksum or 30 chars without, it will\n");
|
||||
printf(" be updated with new serial number if supplied, the checksum is\n");
|
||||
printf(" always recalculated\n");
|
||||
printf("serial - optional, can be hex (0x prefixed) or decimal\n");
|
||||
printf(" and will be applied to the supplied cid before writing\n");
|
||||
printf("\n");
|
||||
printf("Warning: use at own risk!\n");
|
||||
return;
|
||||
}
|
||||
|
||||
len = strlen(argv[2]);
|
||||
if(len != 30 && len != 32) {
|
||||
printf("cid should be 30 or 32 chars long\n");
|
||||
return;
|
||||
}
|
||||
|
||||
// parse cid
|
||||
for(i = 0; i < (len/2); i++){
|
||||
ret = sscanf(&argv[2][i*2], "%2hhx", &cid[i]);
|
||||
if(!ret){
|
||||
printf("cid should be hex (without 0x prefix)!\n");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// incorporate optional serial number
|
||||
if (argc == 4) {
|
||||
*((int*)&cid[9]) = htonl(parse_serial(argv[3]));
|
||||
}
|
||||
|
||||
// calculate checksum
|
||||
cid[15] = crc7(cid, 15);
|
||||
|
||||
// open device
|
||||
fd = open(argv[1], O_RDWR);
|
||||
if(fd < 0){
|
||||
printf("[-] wtf\n");
|
||||
return;
|
||||
}
|
||||
|
||||
// unlock card
|
||||
//ret = 0;
|
||||
ret = cid_backdoor(fd);
|
||||
if (!ret){
|
||||
// write new cid
|
||||
printf("Writing new CID: ");
|
||||
show_cid(cid);
|
||||
ret = program_cid(fd, cid);
|
||||
if(!ret){
|
||||
printf("Success! Remove and reinsert SD card to check new CID.\n");
|
||||
}
|
||||
}
|
||||
close(fd);
|
||||
|
||||
}
|
||||
|
@ -0,0 +1,49 @@
|
||||
#ifndef LINUX_MMC_IOCTL_H
|
||||
#define LINUX_MMC_IOCTL_H
|
||||
#ifdef CONFIG_MMC_CPRM_SUPPORT
|
||||
#include "card.h"
|
||||
#endif
|
||||
|
||||
#include <linux/types.h>
|
||||
|
||||
struct mmc_ioc_cmd {
|
||||
|
||||
int write_flag;
|
||||
|
||||
|
||||
int is_acmd;
|
||||
|
||||
__u32 opcode;
|
||||
__u32 arg;
|
||||
__u32 response[4];
|
||||
unsigned int flags;
|
||||
unsigned int blksz;
|
||||
unsigned int blocks;
|
||||
|
||||
unsigned int postsleep_min_us;
|
||||
unsigned int postsleep_max_us;
|
||||
|
||||
unsigned int data_timeout_ns;
|
||||
unsigned int cmd_timeout_ms;
|
||||
|
||||
__u32 __pad;
|
||||
|
||||
|
||||
__u64 data_ptr;
|
||||
};
|
||||
#define mmc_ioc_cmd_set_data(ic, ptr) ic.data_ptr = (__u64)(unsigned long) ptr
|
||||
|
||||
#define MMC_IOC_CMD _IOWR(MMC_BLOCK_MAJOR, 0, struct mmc_ioc_cmd)
|
||||
#ifdef CONFIG_MMC_CPRM_SUPPORT
|
||||
struct mmc_ioc_cmd_extend {
|
||||
struct sd_ssr ssr;
|
||||
u32 ccs;
|
||||
u32 capacity_of_protected_area_in_byte;
|
||||
u32 card_status;
|
||||
u32 capacity;
|
||||
};
|
||||
#define MMC_IOC_CMD_EXTEND _IOR(MMC_BLOCK_MAJOR, 1, struct mmc_ioc_cmd_extend)
|
||||
#endif
|
||||
#define MMC_IOC_MAX_BYTES (512L * 256)
|
||||
#endif
|
||||
|
@ -0,0 +1,174 @@
|
||||
#ifndef _LINUX_MAJOR_H
|
||||
#define _LINUX_MAJOR_H
|
||||
|
||||
|
||||
#define UNNAMED_MAJOR 0
|
||||
#define MEM_MAJOR 1
|
||||
#define RAMDISK_MAJOR 1
|
||||
#define FLOPPY_MAJOR 2
|
||||
#define PTY_MASTER_MAJOR 2
|
||||
#define IDE0_MAJOR 3
|
||||
#define HD_MAJOR IDE0_MAJOR
|
||||
#define PTY_SLAVE_MAJOR 3
|
||||
#define TTY_MAJOR 4
|
||||
#define TTYAUX_MAJOR 5
|
||||
#define LP_MAJOR 6
|
||||
#define VCS_MAJOR 7
|
||||
#define LOOP_MAJOR 7
|
||||
#define SCSI_DISK0_MAJOR 8
|
||||
#define SCSI_TAPE_MAJOR 9
|
||||
#define MD_MAJOR 9
|
||||
#define MISC_MAJOR 10
|
||||
#define SCSI_CDROM_MAJOR 11
|
||||
#define MUX_MAJOR 11
|
||||
#define XT_DISK_MAJOR 13
|
||||
#define INPUT_MAJOR 13
|
||||
#define SOUND_MAJOR 14
|
||||
#define CDU31A_CDROM_MAJOR 15
|
||||
#define JOYSTICK_MAJOR 15
|
||||
#define GOLDSTAR_CDROM_MAJOR 16
|
||||
#define OPTICS_CDROM_MAJOR 17
|
||||
#define SANYO_CDROM_MAJOR 18
|
||||
#define CYCLADES_MAJOR 19
|
||||
#define CYCLADESAUX_MAJOR 20
|
||||
#define MITSUMI_X_CDROM_MAJOR 20
|
||||
#define MFM_ACORN_MAJOR 21
|
||||
#define SCSI_GENERIC_MAJOR 21
|
||||
#define IDE1_MAJOR 22
|
||||
#define DIGICU_MAJOR 22
|
||||
#define DIGI_MAJOR 23
|
||||
#define MITSUMI_CDROM_MAJOR 23
|
||||
#define CDU535_CDROM_MAJOR 24
|
||||
#define STL_SERIALMAJOR 24
|
||||
#define MATSUSHITA_CDROM_MAJOR 25
|
||||
#define STL_CALLOUTMAJOR 25
|
||||
#define MATSUSHITA_CDROM2_MAJOR 26
|
||||
#define QIC117_TAPE_MAJOR 27
|
||||
#define MATSUSHITA_CDROM3_MAJOR 27
|
||||
#define MATSUSHITA_CDROM4_MAJOR 28
|
||||
#define STL_SIOMEMMAJOR 28
|
||||
#define ACSI_MAJOR 28
|
||||
#define AZTECH_CDROM_MAJOR 29
|
||||
#define FB_MAJOR 29
|
||||
#define CM206_CDROM_MAJOR 32
|
||||
#define IDE2_MAJOR 33
|
||||
#define IDE3_MAJOR 34
|
||||
#define Z8530_MAJOR 34
|
||||
#define XPRAM_MAJOR 35
|
||||
#define NETLINK_MAJOR 36
|
||||
#define PS2ESDI_MAJOR 36
|
||||
#define IDETAPE_MAJOR 37
|
||||
#define Z2RAM_MAJOR 37
|
||||
#define APBLOCK_MAJOR 38
|
||||
#define DDV_MAJOR 39
|
||||
#define NBD_MAJOR 43
|
||||
#define RISCOM8_NORMAL_MAJOR 48
|
||||
#define DAC960_MAJOR 48
|
||||
#define RISCOM8_CALLOUT_MAJOR 49
|
||||
#define MKISS_MAJOR 55
|
||||
#define DSP56K_MAJOR 55
|
||||
|
||||
#define IDE4_MAJOR 56
|
||||
#define IDE5_MAJOR 57
|
||||
|
||||
#define SCSI_DISK1_MAJOR 65
|
||||
#define SCSI_DISK2_MAJOR 66
|
||||
#define SCSI_DISK3_MAJOR 67
|
||||
#define SCSI_DISK4_MAJOR 68
|
||||
#define SCSI_DISK5_MAJOR 69
|
||||
#define SCSI_DISK6_MAJOR 70
|
||||
#define SCSI_DISK7_MAJOR 71
|
||||
|
||||
#define COMPAQ_SMART2_MAJOR 72
|
||||
#define COMPAQ_SMART2_MAJOR1 73
|
||||
#define COMPAQ_SMART2_MAJOR2 74
|
||||
#define COMPAQ_SMART2_MAJOR3 75
|
||||
#define COMPAQ_SMART2_MAJOR4 76
|
||||
#define COMPAQ_SMART2_MAJOR5 77
|
||||
#define COMPAQ_SMART2_MAJOR6 78
|
||||
#define COMPAQ_SMART2_MAJOR7 79
|
||||
|
||||
#define SPECIALIX_NORMAL_MAJOR 75
|
||||
#define SPECIALIX_CALLOUT_MAJOR 76
|
||||
|
||||
#define AURORA_MAJOR 79
|
||||
|
||||
#define I2O_MAJOR 80
|
||||
|
||||
#define SHMIQ_MAJOR 85
|
||||
#define SCSI_CHANGER_MAJOR 86
|
||||
|
||||
#define IDE6_MAJOR 88
|
||||
#define IDE7_MAJOR 89
|
||||
#define IDE8_MAJOR 90
|
||||
#define IDE9_MAJOR 91
|
||||
|
||||
#define DASD_MAJOR 94
|
||||
|
||||
#define MDISK_MAJOR 95
|
||||
|
||||
#define UBD_MAJOR 98
|
||||
|
||||
#define PP_MAJOR 99
|
||||
#define JSFD_MAJOR 99
|
||||
|
||||
#define PHONE_MAJOR 100
|
||||
|
||||
#define COMPAQ_CISS_MAJOR 104
|
||||
#define COMPAQ_CISS_MAJOR1 105
|
||||
#define COMPAQ_CISS_MAJOR2 106
|
||||
#define COMPAQ_CISS_MAJOR3 107
|
||||
#define COMPAQ_CISS_MAJOR4 108
|
||||
#define COMPAQ_CISS_MAJOR5 109
|
||||
#define COMPAQ_CISS_MAJOR6 110
|
||||
#define COMPAQ_CISS_MAJOR7 111
|
||||
|
||||
#define VIODASD_MAJOR 112
|
||||
#define VIOCD_MAJOR 113
|
||||
|
||||
#define ATARAID_MAJOR 114
|
||||
|
||||
#define SCSI_DISK8_MAJOR 128
|
||||
#define SCSI_DISK9_MAJOR 129
|
||||
#define SCSI_DISK10_MAJOR 130
|
||||
#define SCSI_DISK11_MAJOR 131
|
||||
#define SCSI_DISK12_MAJOR 132
|
||||
#define SCSI_DISK13_MAJOR 133
|
||||
#define SCSI_DISK14_MAJOR 134
|
||||
#define SCSI_DISK15_MAJOR 135
|
||||
|
||||
#define UNIX98_PTY_MASTER_MAJOR 128
|
||||
#define UNIX98_PTY_MAJOR_COUNT 8
|
||||
#define UNIX98_PTY_SLAVE_MAJOR (UNIX98_PTY_MASTER_MAJOR+UNIX98_PTY_MAJOR_COUNT)
|
||||
|
||||
#define DRBD_MAJOR 147
|
||||
#define RTF_MAJOR 150
|
||||
#define RAW_MAJOR 162
|
||||
|
||||
#define USB_ACM_MAJOR 166
|
||||
#define USB_ACM_AUX_MAJOR 167
|
||||
#define USB_CHAR_MAJOR 180
|
||||
|
||||
#define MMC_BLOCK_MAJOR 179
|
||||
|
||||
#define VXVM_MAJOR 199
|
||||
#define VXSPEC_MAJOR 200
|
||||
#define VXDMP_MAJOR 201
|
||||
|
||||
#define XENVBD_MAJOR 202
|
||||
|
||||
#define MSR_MAJOR 202
|
||||
#define CPUID_MAJOR 203
|
||||
|
||||
#define OSST_MAJOR 206
|
||||
|
||||
#define IBM_TTY3270_MAJOR 227
|
||||
#define IBM_FS3270_MAJOR 228
|
||||
|
||||
#define VIOTAPE_MAJOR 230
|
||||
|
||||
#define BLOCK_EXT_MAJOR 259
|
||||
#define SCSI_OSD_MAJOR 260
|
||||
|
||||
#endif
|
||||
|
@ -0,0 +1,53 @@
|
||||
#ifndef MMC_H_
|
||||
#define MMC_H_
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
/*
|
||||
* EXT_CSD field definitions
|
||||
*/
|
||||
#define EXT_CSD_HPI_SUPP (1<<0)
|
||||
#define EXT_CSD_HPI_IMPL (1<<1)
|
||||
#define EXT_CSD_CMD_SET_NORMAL (1<<0)
|
||||
#define EXT_CSD_BOOT_WP_B_PWR_WP_DIS (0x40)
|
||||
#define EXT_CSD_BOOT_WP_B_PERM_WP_DIS (0x10)
|
||||
#define EXT_CSD_BOOT_WP_B_PERM_WP_EN (0x04)
|
||||
#define EXT_CSD_BOOT_WP_B_PWR_WP_EN (0x01)
|
||||
#define EXT_CSD_BOOT_INFO_HS_MODE (1<<2)
|
||||
#define EXT_CSD_BOOT_INFO_DDR_DDR (1<<1)
|
||||
#define EXT_CSD_BOOT_INFO_ALT (1<<0)
|
||||
#define EXT_CSD_BOOT_CFG_ACK (1<<6)
|
||||
#define EXT_CSD_BOOT_CFG_EN (0x38)
|
||||
#define EXT_CSD_BOOT_CFG_ACC (0x03)
|
||||
#define EXT_CSD_PART_CONFIG_ACC_MASK (0x7)
|
||||
#define EXT_CSD_PART_CONFIG_ACC_BOOT0 (0x1)
|
||||
#define EXT_CSD_PART_CONFIG_ACC_BOOT1 (0x2)
|
||||
#define EXT_CSD_PART_CONFIG_ACC_USER_AREA (0x7)
|
||||
#define EXT_CSD_PART_CONFIG_ACC_ACK (0x40)
|
||||
|
||||
#define MMC_RSP_PRESENT (1 << 0)
|
||||
#define MMC_RSP_136 (1 << 1)
|
||||
#define MMC_RSP_CRC (1 << 2)
|
||||
#define MMC_RSP_BUSY (1 << 3)
|
||||
#define MMC_RSP_OPCODE (1 << 4)
|
||||
#define MMC_CMD_AC (0 << 5)
|
||||
#define MMC_CMD_ADTC (1 << 5)
|
||||
|
||||
#define MMC_RSP_SPI_S1 (1 << 7)
|
||||
#define MMC_RSP_SPI_BUSY (1 << 10)
|
||||
|
||||
#define MMC_CMD_BCR (3 << 5)
|
||||
|
||||
#define MMC_RSP_SPI_R1 (MMC_RSP_SPI_S1)
|
||||
#define MMC_RSP_SPI_R1B (MMC_RSP_SPI_S1|MMC_RSP_SPI_BUSY)
|
||||
|
||||
#define MMC_RSP_R1 (MMC_RSP_PRESENT|MMC_RSP_CRC|MMC_RSP_OPCODE)
|
||||
#define MMC_RSP_R1B (MMC_RSP_PRESENT|MMC_RSP_CRC|MMC_RSP_OPCODE|MMC_RSP_BUSY)
|
||||
#define MMC_RSP_R2 (MMC_RSP_PRESENT|MMC_RSP_136|MMC_RSP_CRC)
|
||||
|
||||
#include "ioctl.h"
|
||||
#include "major.h"
|
||||
|
||||
|
||||
#endif /* MMC_H_ */
|
||||
|
Binary file not shown.
Loading…
Reference in New Issue