Skip to content

Decrypt `update.upx` the encrypted ROM update package released by Onyx Boox, so as to get the zip format update package which can be read by Recovery directly



Repository files navigation

decrypt Boox Update Upx

This project is aimed to help get the plain firmware packages of Boox devices, from the firmware packages named update.upx which are provided and encrypted by Onyx.

It has been tested only in these Boox ereaders. A few of models sold in China and most (if not all) of models sold in Russia are marked with suffixes -cn/-ru, the firmwares for which don't use the same strings with their international versions! SP_NoteS is SuperStar (chaoxing) verison.

If your device hasn't been included, you could try to get its keys. If you found it available for any other Boox ereader, please submit the keys.

Note 1: There is also another method to fetch decrypted from @shunf4.

Note 2: There is a way to get downloading url of latest firmware.

Note 3: payload.bin can be extracted with

Any other issue and pull request is also welcomed!

How to run?

Python3 should be installed to run the script, and pycryptodome a dependency of the script should also be installed:

(BTW: in some environments, the following pip and python should be replaced with pip3 and python3)

pip install pycryptodome

There are two components to this application: (the program) and BooxKeys.csv (the database of decryption keys). These must be placed together in the same directory but the location does not matter. For simplicity update.upx (the update to be decrypted) may be put in the same directory. By default, (the decrypted update) will be generated in the current directory.

To run the application:

python <device model> [input file name [output file name]]

<device model> is required, and [input file name [output file name]] is optional. The input file will be update.upx and the output file will be saved in the current working directory, if not set in the arguments.

For a list of the currently supported models please refer to the file BooxKeys.csv.


Previously the raw strings extracted from Onyx software were used. These strings were 44 alphanumeric characters long. Since the newer Onyx models no longer use this level of obfuscation we've switched to using what the true gist of the keys are, a 32 character hexadecimal string. Older Onyx models continue to be supported, although the key strings may appear to be unfamiliar.


There is a python class DeBooxUpx in to decrypt update.upx.

Following is a example of how to use this class to decrypt the update.upx using manual strings:

from DeBooxUpx import DeBooxUpx

Key = "3DC53116D8AE3DCCEAD99F53E08E1E35" 
IV = "42B996AB6E252DCA4EDBC668BA3E5A3A" 
updateUpxPath = 'update.upx'
decryptedPath = ''

decrypter = DeBooxUpx(Key, IV)
print('When updating, the device decrypt update package into', decrypter.path)
decrypter.deUpx(updateUpxPath, decryptedPath)


Refer to


Decrypt `update.upx` the encrypted ROM update package released by Onyx Boox, so as to get the zip format update package which can be read by Recovery directly







No releases published


No packages published