@chickendrop89
Created March 20, 2025 22:31
Extracting hidden fastboot oem commands

This is my way of extracting hidden fastboot oem commands using Ghidra.

  • May or may not work for various SoCs; I have tested this on a Xiaomi Redmi Note 12 4G (Qualcomm sdm685).

  1. Download a firmware archive containing an ABL image.
  2. Extract the archive, change directory to where the image is located, and run:
```sh
# If not installed already
pip install uefi_firmware

# Check the output for "PE32 image selection", try a different image if it's not there
uefi-firmware-parser -b abl.img

uefi-firmware-parser --superbrute -e abl.img
```
  3. If the superbrute command was successful, you will be met with a list of files. Search for a file with the .pe extension, and import it into Ghidra.

  4. Analyze it with the default selection, and then in the Ghidra menu, select this in the following order: Search > For Strings > Confirm > and Filter "oem"

  5. Extract the oem <option> strings that look interesting, and then boom, you're done.
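As an added example (not part of the gist), here is a small Python scanner that performs the string-search step of steps 4 and 5 offline over the .pe file dumped in step 3, covering both ASCII and UTF-16LE (CHAR16) encodings since UEFI code uses both. The option-name character class and the embedded sample bytes are assumptions I constructed; they are not taken from a real ABL image.

```python
import re
from pathlib import Path

# Matches "oem <option>" the way fastboot receives it: the literal word
# "oem", one space, then an option name. The allowed characters in the
# option name are an assumption based on typical bootloader command tables.
ASCII_RE = re.compile(rb"oem [A-Za-z0-9_\-]+")
# Same pattern for UTF-16LE (CHAR16) strings, which UEFI code uses widely.
UTF16_RE = re.compile(rb"o\x00e\x00m\x00 \x00(?:[A-Za-z0-9_\-]\x00)+")


def find_oem_commands(data: bytes) -> list[str]:
    """Return sorted, de-duplicated 'oem <option>' strings found in data."""
    found = {m.group(0).decode("ascii") for m in ASCII_RE.finditer(data)}
    found |= {m.group(0).decode("utf-16-le") for m in UTF16_RE.finditer(data)}
    return sorted(found)


def scan_file(path: str) -> list[str]:
    """Scan a file on disk, e.g. the .pe dumped by uefi-firmware-parser."""
    return find_oem_commands(Path(path).read_bytes())


# Constructed sample standing in for a dumped .pe file: two NUL-terminated
# ASCII commands, one CHAR16 command, and binary noise that must not match
# (no space after "oem").
SAMPLE = (
    b"\x00\x10\xffMZ\x90\x00"
    + b"oem unlock\x00"
    + b"oem device-info\x00"
    + "oem edl".encode("utf-16-le") + b"\x00\x00"
    + b"\x7fELF noise oemfoo\x00"
)

if __name__ == "__main__":
    import sys
    # Usage: python scan_oem.py <path to .pe>; with no argument, scan SAMPLE.
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for cmd in (scan_file(target) if target else find_oem_commands(SAMPLE)):
        print(cmd)
```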
