kercre123 edited this page Dec 24, 2019 · 10 revisions

Welcome to the Victor wiki!

Note:

  • The information pinned at the top of the Project Victor Google Group is extensive, but in general it cannot be edited. Some of it is out of date, and more has been learned since it was written.
  • This wiki is where anyone can add and edit the "unstable" information as it is developed.
  • For stable info see: https://www.project-victor.org/

Needs:

  • We need someone to edit the wiki for cohesiveness and correctness.
  • Help gathering the information that is scattered across the Google Group, Discord, etc. into the wiki.

Table of contents

  • The objective, and why an unlocked aboot or the signing key is necessary
  • Investigation into aboot
  • Archives of files: OTAs, tgz's, etc.; decompilations (?)
  • What has been done on exploits
  • Emulating Vector's firmware and software
  • Physical modifications (you probably do NOT want to do this)

The objective

The about section of https://www.project-victor.org/ has the official, longer explanation. This is a synopsis for those who haven't read it yet, and it answers a couple of frequently asked questions:

Vector's official servers will eventually go away. To preserve Vector's functionality (especially the voice-related functionality), we need (1) to enable Vector to use our own custom servers, and (2) to build those servers.

We cannot simply spoof Anki's servers: Vector checks the certificates the servers present, so an impostor with a different certificate is rejected. For Vector to use custom servers, the server URLs stored inside Vector's filesystem must be changed. But we can't do that directly. Vector's root filesystem is protected against modification by dm-verity, which verifies each block against a hash tree whose root hash is anchored in signed data, and we don't have the signing key. Vector's init scripts perform this verification and will refuse to use a filesystem whose blocks no longer match the tree.

It isn't as simple as changing the init scripts to skip the filesystem check, either. The kernel command line inside boot.img is what turns on dm-verity checking. But boot.img is itself signed, and aboot verifies that signature before loading it. Changing the command line by itself therefore won't work: aboot will detect the modified boot.img and refuse to load it.

To wrap up, we will need:

  • The signing key (qti.key), so we can sign our own versions of the filesystem, boot.img, or aboot, OR
  • A method to unlock aboot, so that it no longer checks the boot.img signature, OR
  • A developer aboot AND a method to make it believe it is running on a developer Vector (e.g., by changing the chip serial number, which is most likely burned into the IC and not modifiable by itself, but might be spoofable). (Note: we have a developer boot.img, but it requires the 'anki.dev' command-line flag in order to boot.) OR
  • A boot.img that neither checks for 'anki.dev' NOR enables dm-verity, OR
  • ...?

Some of these are harder to achieve than others. Each will link to a page describing what is known and what is being investigated.
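The dependency chain above (aboot verifies boot.img, the boot.img command line turns on dm-verity, dm-verity covers the root filesystem) and the options listed under "we will need" can be made concrete with a small model. The following Go program is an added example written for this wiki; it is not Anki's code and does not reproduce Vector's real image formats, key type, or command-line flag names. It assumes an Ed25519 key in place of qti.key, a one-level SHA-256 hash tree standing in for dm-verity's tree, a made-up `verity=sha256:<hex>` flag, and a constructed rootfs string containing a server URL. It then walks the cases the page discusses: an unmodified image boots; editing the URL in the rootfs trips dm-verity; stripping the verity flag from the command line trips aboot; and either an unlocked aboot or possession of the private key gets the modified image past both checks.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Toy model of the boot chain on this page (added example, not Anki's code).
// All names, flag spellings and sizes are illustrative assumptions.

const blockSize = 16 // toy block size; real dm-verity uses 4096-byte blocks

// BootImage is a boot.img: kernel blob, kernel command line, and a signature
// over both (a stand-in for the real format aboot verifies).
type BootImage struct {
	Kernel    []byte
	Cmdline   string
	Signature []byte
}

func signedPayload(img *BootImage) []byte {
	return append(append([]byte{}, img.Kernel...), []byte(img.Cmdline)...)
}

// SignBootImage is what holding the private signing key would let us do.
func SignBootImage(priv ed25519.PrivateKey, img *BootImage) {
	img.Signature = ed25519.Sign(priv, signedPayload(img))
}

// AbootVerify models a locked aboot; unlocked=true skips the check entirely.
func AbootVerify(pub ed25519.PublicKey, img *BootImage, unlocked bool) error {
	if unlocked {
		return nil
	}
	if !ed25519.Verify(pub, signedPayload(img), img.Signature) {
		return errors.New("aboot: boot.img signature mismatch, refusing to boot")
	}
	return nil
}

// VerityRoot hashes every rootfs block, then hashes the concatenated leaf
// hashes into one root; changing any block changes the root.
func VerityRoot(rootfs []byte) [32]byte {
	var leaves []byte
	for off := 0; off < len(rootfs); off += blockSize {
		end := off + blockSize
		if end > len(rootfs) {
			end = len(rootfs)
		}
		h := sha256.Sum256(rootfs[off:end])
		leaves = append(leaves, h[:]...)
	}
	return sha256.Sum256(leaves)
}

// parseVerityRoot reads the expected root from "... verity=sha256:<hex>"
// (the flag name is an assumption for this model).
func parseVerityRoot(cmdline string) (string, bool) {
	for _, f := range strings.Fields(cmdline) {
		if strings.HasPrefix(f, "verity=sha256:") {
			return strings.TrimPrefix(f, "verity=sha256:"), true
		}
	}
	return "", false
}

// Boot runs the whole chain and returns nil only when every stage accepts.
func Boot(pub ed25519.PublicKey, img *BootImage, rootfs []byte, unlocked bool) error {
	if err := AbootVerify(pub, img, unlocked); err != nil {
		return err
	}
	want, ok := parseVerityRoot(img.Cmdline)
	if !ok {
		return nil // no verity flag on the cmdline: rootfs is mounted unchecked
	}
	got := VerityRoot(rootfs)
	if hex.EncodeToString(got[:]) != want {
		return errors.New("dm-verity: rootfs block hash mismatch, init refuses to continue")
	}
	return nil
}

// Try builds a stock, vendor-signed image over a constructed rootfs, applies
// the requested modifications, and returns the chain's verdict.
func Try(editURL, stripVerity, resign, unlocked bool) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	rootfs := []byte("init scripts ... server=https://voice.example.com ... end") // constructed
	root := VerityRoot(rootfs)
	img := &BootImage{
		Kernel:  []byte("toy kernel"),
		Cmdline: "console=ttyMSM0 verity=sha256:" + hex.EncodeToString(root[:]),
	}
	SignBootImage(priv, img) // stock image as shipped, signed with the vendor key
	if editURL {
		rootfs = []byte(strings.Replace(string(rootfs), "voice.example.com", "voice.example.org", 1))
	}
	if stripVerity {
		img.Cmdline = "console=ttyMSM0" // drop the dm-verity check from the cmdline
	}
	if resign {
		SignBootImage(priv, img) // only possible if we hold the private key
	}
	return Boot(pub, img, rootfs, unlocked)
}

func main() {
	cases := []struct {
		name                                  string
		editURL, stripVerity, resign, unlocked bool
	}{
		{"stock image", false, false, false, false},
		{"edit URL in rootfs", true, false, false, false},
		{"edit URL + strip verity flag", true, true, false, false},
		{"edit URL + strip verity + unlocked aboot", true, true, false, true},
		{"edit URL + strip verity + re-sign with private key", true, true, true, false},
	}
	for _, c := range cases {
		fmt.Printf("%-52s -> %v\n", c.name, Try(c.editURL, c.stripVerity, c.resign, c.unlocked))
	}
}
```

The point the model makes is that each stage only trusts the next through something it holds itself: aboot holds the public key, the signed command line holds the root hash, and the hash tree covers the blocks. Breaking the chain anywhere requires either the key that produced the signature or a verifier that no longer checks it, which is exactly the list of options above.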