Moritz Meißelbach

Session 10 — 2026-03-23b — ABL Analysis; Ghidra RE Env; Custom ABL Phase Created

Written by

in

Session 10 — 2026-03-23b

Duration: ~3 hours · Phase: 03a (Custom ABL) created this session · Offline

Key Findings

  • qtestsign confirmed: Stock ABL signed with Qualcomm test keys (“Generated Test Root CA”). Custom ABL with qtestsign will be accepted by XBL.
  • Fastboot hang: CmdDownload sends DATA response but USB BULK OUT endpoint may not be armed for the download. A custom ABL replacing the fastboot stack will fix this.
  • lk2nd not applicable: Device uses UEFI ABL (kernel=uefi), not legacy LK. lk2nd targets LK-based devices.
  • Ghidra RE Docker environment created (tools/docker/ghidra-re/, tools/ghidra-run)
  • TWRP phase sidelined pending Phase 03a completion

More posts