You cant just create a bin files and say it has slic 2.1 . Now i wonder if both of them are false Custom slic 2.1 builds will never work
The first part of the SLIC is taken of SAMSUNG 2.0 slic Code: 00000030h: 00 24 00 00 52 53 41 31 00 04 00 00 01 00 01 00 .$..RSA1........ 00000040h: 49 A3 74 7B D1 20 62 F7 75 7C 51 7A 2B B9 B7 B1 I£t{Ñ b÷u|Qz+¹·± 00000050h: AD 2C 5E 65 E6 5D 0C 74 53 F1 7D 5C 82 2F B7 F7 *,^eæ].tSñ}\‚/·÷ 00000060h: 24 A4 2A 01 B2 63 0C 09 5D EA A6 87 FB D3 3E F9 $¤*.²c..]ꦇûÓ>ù 00000070h: A3 62 CA 5C BD BE E3 AD 1C C6 4C 02 74 81 1E 97 £bÊ\½¾ã*.ÆL.t.— 00000080h: 73 A9 1B F0 52 E2 27 C7 A9 A7 36 27 27 A8 8E AA s©.ðRâ'Ç©§6''¨Žª 00000090h: 8D BB ED CF 38 D3 9E F2 63 D4 8C 73 25 9D 9B 0D »íÏ8ÓžòcÔŒs%›. 000000A0h: 6C EE EF B3 3E 3E 3A D8 E2 64 F8 83 45 47 66 DF lîï³>>:ØâdøƒEGfß 000000B0h: 36 09 C7 DB 9F 32 D0 A8 2D B1 D3 04 28 8F 26 B2 6.ÇÛŸ2Ш-±Ó.(&² the second part, self generated i guess... although it passes the online validation it still is self signed so this will never be a genuine signature, not?
The 1st probably is good, but you will need a new Certificate to have a go with it The 2nd one definitely is a fake, but the question is what did he exactly do to pass the validation, and more important, how can i identify these fakes in the validation tool?
I dont know but I think something is wrong with your online validation, when done manully the SLIC signature is invalid. Also the modulus in the certificate and SLIC table does not match.
Well the the SLIC signature is valid if you use a different Public Key Exponent like ruboard-user has done, if you do it manually using his Public Key Exponent it is valid as well... I did not have a check on the Public Key Exponent, this could have been anything (it was simply read from SLIC file) i have corrected this now, so the Public Key Exponent always has to be "00010001"
Please read what he wrote - he explained more than definitely that in second SLIC he changed public exponent of RSA1 pubkey from 00 01 00 01 to 00 00 00 01. In this case it's incredibly easy to properly sign message. So SLIC itself is indeed OK. Problem is that signed info in certificate includes, besides OEMID, the full RSA1 pubkey, full means public exponent (4 bytes) + modulus (128 bytes). If modulus match and public exponent doesn't match should mean SLIC and cert don't match. This moment should be fixed in online checking tool, i think. Edited: FreeStyler had already figured that out, good job!