This script is a utility to extract libraries such as binaries, services and other essential components & files related to keymaster, gatekeeper and keymint specifically from /system, /vendor and /system_ext (if present). It also includes additional extraction for specific directories such as app/mcRegistry, thh/ta and app/t6. The tool is intended for firmware/ROM extraction tasks such as preparing and copying extracted files to the device tree of a custom recovery (TWRP, LineageOS, etc.) or other modding purposes. The goal is to be simple and easy, have greater agility.
Caution
The utility only interacts passively between the stock ROM folders the files requested in the script. Therefore, there are not enough changes to work magic and create a correct Device Tree with the files extrated.
The files are as they are, and what will make the difference in having a correct Device Tree is how the user makes his own modifications based on his own device. In addition, it is important that the user reviews the result (output folders) and the stock ROM folders to check and see if more files are still needed.
In this context, learning and having knowledge1 for the changes, as well as where the information is and where to place it is the user's sole responsibility.
- Extracts keymaster, gatekeeper, keymint binaries and libraries files from the Firmware folder.
- Extracts binaries files from
vendor/bin/hwrelated tokeymaster,gatekeeper, orkeymint. - Extracts service files from
vendor/binrelated tomcRegistry,teei_daemon, orteed. - Extracts files from the following paths if they exist:
vendor/app/mcRegistryvendor/thh/tavendor/mitee/tavendor/app/t6
- Handles extraction for:
system/lib64system/lib64/hwsystem/etcsystem/etc/vintfsystem/etc/vintf/manifestsystem_ext/lib64system_ext/lib64/hwvendor/lib64vendor/lib64/hwvendor/bin/hwvendor/binvendor/firmwarevendor/etc/vintfvendor/etc/vintf/manifest
- Cleans up empty directories after extraction, including automatically checking if
system_extand/orvendor/appis empty and deleting it.
Before using this script, ensure:
- Bash Environment: This script uses bash and is compatible with Linux and macOS systems with bash support.
- You will need to have a stock ROM files (or extracted stock ROM folders) ready to use with this script.
- Initially the script already has the appropriate permission to execute the extraction.
- In special cases aside, make sure you have permission to access the extracted folder, such as
extract_android_crypto_blobsor another folder you want to create2.
- In special cases aside, make sure you have permission to access the extracted folder, such as
git clone https://github.com/GitFASTBOOT/extract_android_crypto_blobs.git
cd extract_android_crypto_blobs-
Copy stock ROM folders to
extract_android_crypto_blobs/Firmwarefolder. Example:/Firmware/vendor&/Firmware/system&/Firmware/system_ext- Dont't worries if you stock ROM not have
/system_ext. - Usually the stock ROM system.img file is unpacked like this:
system/system/. Note that we want the second part ofsystemand therefore indicated like system/system/.
Click to open
- Dont't worries if you stock ROM not have
- Run3 the script according to the extracted extract_android_crypto_blobs folder or the folder that you created:
./extract_crypto_blobs.sh
After extraction, the sorted files are automatically copied into the following appropriate directories:
./system/lib64/: System libraries extracted../system/lib64/hw/: Extracted hardware libraries../system/etc/vintf/manifest.xml: Extracted manifest file../system/etc/: Extracted event-log-tags & task_profiles.json files../system_ext/lib64/: System extension libraries extracted../system_ext/lib64/hw/: Extracted hardware system extension libraries../vendor/lib64/: Vendor libraries extracted../vendor/lib64/hw/: Extracted vendor hardware libraries../vendor/bin/hw/: Extractedkeymaster,gatekeeper,keymint, and other relevant binaries files../vendor/bin/: ExtractedmcRegistry,teei_daemon,teedor service, production-line, tee clients and ca files../vendor/firmware/: Vendor binaries extracted../vendor/etc/vintf/manifest.xml: Extracted manifest file../vendor/app/mcRegistry/: Extracted if it exists../vendor/thh/ta/: Extracted if it exists../vendor/mitee/ta/: Extracted if it exists../vendor/app/t6/: Extracted if it exists.
-
Automatic Cleanup:
- Deletes empty directories after extraction.
- Cleans
system_extonly if it's completely empty. - Cleans
vendor/apponly if it's completely empty.
-
Binaries Search:
- The script searches for
keymaster,gatekeeperandkeymintbinaries/libraries files automatically.
- The script searches for
-
Services Search:
-
The script searches for
beanpod,trustonicandtrustkernelservices files automatically.Click to open
-
-
Support for Nested Extraction:
- Ensures extraction from complex directory paths like
vendor/bin/hw/,vendor/thh/ta,vendor/app/*.*and/or other special subfolders.
- Ensures extraction from complex directory paths like
Visualization and Explanation of script steps
If you copied stock ROM to Firmware folder - Click to open
| Step | happening | Step | happening | |
|---|---|---|---|---|
| 1- | Run the script | 6- | Debugging with encryption/decryption mode visualization | |
| 2- | Alert message so you don't forget | 7- | Script starts searching to copy | |
| 3- | Confirm your choice | 8- | Script searching and copying the files | |
| 4- | Answer the question | 9- | Skipping the folders&files not finded | |
| 5- | The script is starting | 10- | Script completion advise |
If you **NOT** copied stock ROM to Firmware folder - Click to open
| Step | happening | Step | happening | |
|---|---|---|---|---|
| 1- | Run the script | 4- | Answer the question | |
| 2- | Alert message so you don't forget | 11- | Simple message to continue script after required action | |
| 3- | Confirm your choice |
If you find any bugs or have feature requests, feel free to fork this repository, create a branch, and submit a pull request.
This script is licensed under the MIT License. For more information, check LICENSE.
Footnotes
-
If you want to learn more, visit Copying firmware files to the Device Tree - Mediatek ↩
-
This script already has permission. But if you have any doubts then you can check the script with
chmod +x extract_crypto_blobs.sh↩ -
Use whatever Terminal emulator you want/prefer. You can type directly into the Terminal or double-click on the sh file. ↩