Repacking UPDATA.APP (was New version of split_updata.pl)

203 posts in this topic

Posted · Report post

I can't see any of the md5sums of the extracted files within the UPDATA.APP for any of the extracted files

I'm going to modify my crc16 to do the whole file and see if any of the checksums from the file are in that.


Posted (edited) · Report post

Where can I get the time machine rom? Searching the forum gives too many hits.

An even smaller file you can get from the Pulse Mini forum - but those give "Invalid security code". Weird. I'd expect "Incorrect device" or something.

Actually, how about the CUSTOMIZED_HU file in the 2.1 update? That's incredibly small too.

Edited by Speckles

Posted · Report post

Actually, how about the CUSTOMIZED_HU file in the 2.1 update? That's incredibly small too.

That is an awesome idea! I forgot that was a "proper" file too.

TimeMachine rom is on Huawei's website here


Posted (edited) · Report post

Hmmm, I just found the CUSTOMIZED_UK/SK/NL etc. They are all very small and very similar, apart from one major difference: File id F3 is completely different in all of them. This is always the same size regardless of file length, but I don't think it could possibly load in 200MB+ (for the full updates) to verify the signature in such a small amount of time, so maybe it only validates the headers and depends on the headers validating the data via the crc's in the headers. It would make sense too, the F3 file is always the first one by the looks of it.

A 128-byte file would give a 1024-bit signature. Sounds plausible. I think I need to see if I can check the headers using that file. The public key must be in the updater executable somewhere.

Other than that, the CUSTOMIZED_xx just changes one file from "t-mobile xx" to "t-mobile yy".

Edited by Speckles

Posted · Report post

Where did you find CUSTOMIZED_UK?


Posted · Report post

Huawei released it for the Pulse Mini - it's close enough for the purposes in the topic :lol:


Posted (edited) · Report post

file02.mbn appears to contain CRC checksums for some of the files. I'm guessing that it's not a 4096 byte checksum in this one, coz I can't find the checksum for larger files, so I just need to work out the size used... leave me on it :lol:

eg for the Time Machine rom

$ hd file02.mbn
00000000  27 91 42 fd f9 ac 26 fc  87 21 01 3e 48 9a de c9  |'.B...&..!.>H...|
00000010  d1 64 af 9f 4d 42 4f 10  04 1d 09 9d              |.d..MBO.....|
0000001c

boot_versions.txt 2791  (bytes 1 and 2)
upgradable_versions.txt 099D (last 2 bytes)
version.txt 099D  (last 2 bytes as well... ahem)
file01.mbn 2109
file02.mbn 7A7A (It can't contain the checksum for itself)
file04.mbn 42FD (bytes 3 and 4)
file05.mbn 01C9

Edited by ZeBadger

Posted (edited) · Report post

Interesting... I wonder why they would do that? Secondly, I wonder if they have a file that contains checksums for the file headers?

Edited by Speckles

Posted · Report post

Interesting... I wonder why they would do that? Secondly, I wonder if they have a file that contains checksums for the file headers?

I'm quite sure all the checksums for the files will be in this file. Just got to workout how they are stored. I'm confident that this will sort out my CRC error with my image :lol:


Posted · Report post

I think you could be right. If you open the CUSTOMIZED_HU file, the FILE02 contains just two bytes 7D BD which happens to be the CRC16 of the file which contains the text "T-Mobile HU".


Posted (edited) · Report post

I thought I had it for a minute. There are 117145030 bytes of data in the files, 7180 in file02.mbn, that gives around 16315 bytes per file. This is very close to 16k (16384).

I split the splash screen up with "split -b 16384 splash.raw565". This didn't give me anything recognisable when passed through crc_file

"split -a 10 -b 16383 splash.raw565" gave me lots of F078

$ for each in x??
> do
> echo $each: `./crc_file $each`
> done
xaa: F078
xab: F078
xac: F078
xad: F078
xae: F078
xaf: F078
xag: F078
xah: 1357
xai: 3F61
xaj: F078
xak: F078
xal: F078
xam: F078
xan: F078
xao: F078
xap: F078
xaq: F078
xar: F078
xas: 4FA7

There's a lot of F078 in file02.mbn which makes me think that for large amounts of NULL this is probably correct, but 1357 and 3F61 are not in there.

EDIT: Doh doh doh... it's 2 bytes per chunk... so must be 32k chunks... Stupid coincidence of F078 and 78F0 lol

Edited by ZeBadger

Posted (edited) · Report post

Yup :lol: for the splash screen... the checksums are in there

$ for each in x??
> do
> ./crc_file $each
> done
78F0
78F0
78F0
9A0B
EE47
78F0
78F0
78F0
78F0
0E07

I'll recompile a crc creator for 32k... brb after rebooting into Linux! Okay it's here crc32k

Time to edit file02 then try re-flashing my phone!

Edited by ZeBadger
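The layout worked out in the posts above (file02.mbn holding one 2-byte CRC16 for every 32 KB chunk of each file), as an added example that is not code from the thread. The CRC variant (CRC-16/X-25), the little-endian storage order, the function names and the sample data are assumptions; the thread's crc_file tool is not shown on the page.

```python
CHUNK = 32 * 1024  # chunk size the thread settles on: 2 checksum bytes per 32 KB


def crc16_x25(data: bytes) -> int:
    """CRC-16/X-25 (assumed variant): reflected poly 0x8408, init and final XOR 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def chunk_crcs(data: bytes, chunk: int = CHUNK) -> list[int]:
    """One CRC per chunk; the last chunk may be shorter than `chunk`."""
    return [crc16_x25(data[i:i + chunk]) for i in range(0, len(data), chunk)]


def build_table(files: list[bytes], byteorder: str = "little") -> bytes:
    """Concatenate the 2-byte CRCs of every chunk of every file, in file order."""
    return b"".join(c.to_bytes(2, byteorder) for f in files for c in chunk_crcs(f))


def verify(files: list[bytes], table: bytes, byteorder: str = "little"):
    """Return (file_index, chunk_index) for each chunk whose CRC is not in the table."""
    bad, pos = [], 0
    for fi, data in enumerate(files):
        for ci, crc in enumerate(chunk_crcs(data)):
            stored = int.from_bytes(table[pos:pos + 2], byteorder)
            pos += 2
            if stored != crc:
                bad.append((fi, ci))
    if pos != len(table):
        raise ValueError("table length does not match the number of chunks")
    return bad


# Constructed sample data: a mostly blank "splash screen" and a short text file.
SPLASH = bytes(CHUNK * 2) + b"\x12\x34" * 1000   # two all-zero chunks + a 2000-byte tail
VERSION = b"constructed version string\n"

if __name__ == "__main__":
    table = build_table([SPLASH, VERSION])
    print(len(table), "bytes of checksums:", table.hex())
    damaged = bytearray(SPLASH)
    damaged[CHUNK + 5] ^= 0x01                   # flip one bit inside the second chunk
    print("mismatched chunks:", verify([bytes(damaged), VERSION], table))
```

A CRC table like this detects corruption only; in the thread, editing file02.mbn and fixing its CRC still ends in the updater's MD5_RSA verify failure.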

Posted (edited) · Report post

Cool, I was just about to mention that the file02.mbn was too big for one crc per file and that it looked chunked into 32KB sections, but I'd not confirmed it as fast as you had and I don't want to post every thought as this isn't twitter :lol:

BTW, I use VMWare for Linux, much easier than rebooting :D

Edited by Speckles

Posted (edited) · Report post

Cool, I was just about to mention that the file02.mbn was too big for one crc per file and that it looked chunked into 32KB sections, but I'd not confirmed it as fast as you had and I don't want to post every thought as this isn't twitter :D

Failing straight away on me now. "Update failed". First time was because I had forgotten to update the CRC for file02.mbn!

Now I'm getting:

**** SD download log ****
Failure: MD5_RSA verify failure.
Failure: operation did not succeed.
Failure: operation did not succeed.
Failure: operation did not succeed.
Failure: operation did not succeed.
Failure: operation did not succeed.
dload_sd_ram_data_proc->(retry >= DLOAD_RETRY) failed!

Crikey... there must be an md5 in there somewhere too? Maybe, as you had the same problems, this is something to do with how the file is assembled too.

That's enough tinkering for tonight... g/f is getting tetchy :lol:

Edited by ZeBadger

Posted · Report post

I think it's the F3 file (file01.mbn), that's 128 bytes and changes drastically on every updata.app. I don't think it's just an MD5 either - I think it's an MD5 of the file headers (those have not been checked yet, only the data) and then that MD5 hash cryptographically signed by Huawei using their own private key which is then checked by the phone which has a copy of the public key.


Posted · Report post

I think it's the F3 file (file01.mbn), that's 128 bytes and changes drastically on every updata.app. I don't think it's just an MD5 either - I think it's an MD5 of the file headers (those have not been checked yet, only the data) and then that MD5 hash cryptographically signed by Huawei using their own private key which is then checked by the phone which has a copy of the public key.

Hi,

I have been following this post for a while now (since it started), and I am very interested in what you're doing. Unfortunately I don't understand much of what you're talking about, so I was wondering if you could say roughly how close to completion you are on this, as I am sure there are many others in a similar position to me.

Thanx

Aaron


Posted · Report post

Really, it's impossible to say. We think there's just one hurdle left, but we've been thinking that for a while now and as soon as we jump over it, another one jumps in our way. It could end up being impossible, we just don't know yet. We need a proof of concept.


Posted (edited) · Report post

I think it's the F3 file (file01.mbn), that's 128 bytes and changes drastically on every updata.app. I don't think it's just an MD5 either - I think it's an MD5 of the file headers (those have not been checked yet, only the data) and then that MD5 hash cryptographically signed by Huawei using their own private key which is then checked by the phone which has a copy of the public key.

Yeah I was looking in there... it's divisible by 32bits (_8_ md5 checksums... just need to know what they are checksums for, it's also 128 bytes in the TimeMachine rom)

I know how we can work out what it is for. It's not all of the headers as I have edited one of them and it didn't fail. I have however edited file02.mbn and got this error... but only after I fixed the CRC checksum for it! So we can just try bodging other files until we know which ones are affected.... okay I'm really going for the evening now!

I have been following this post for a while now (since it started), and I am very interested in what you're doing. Unfortunately I don't understand much of what you're talking about, so I was wondering if you could say roughly how close to completion you are on this, as I am sure there are many others in a similar position to me.

As Speckles says, it might not even be possible, if there's any cryptography we will probably hit a brick wall. We still haven't worked out the "something2" field... although one of my friends got the bug and has taken it away for analysis.

Edited by ZeBadger

Posted · Report post

although one of my friends got the bug and has taken it away for analysis.

Erm whut? What bug? Analysis how and where? Is this the phone still or has your friend got diarrhea?


Posted · Report post

:lol:


Posted · Report post

:lol:

DAMMIT!! Why can't people answer me with words, instead of smiling at me!?

:D :D :) :D :) :)


Posted · Report post

Erm whut? What bug? Analysis how and where? Is this the phone still or has your friend got diarrhea?

#5

bug

noun

1. insect, beastie (informal), creepy-crawly (informal), gogga (S. African informal) a bloodsucking bug which infests poor housing

2. (Informal) illness, disease, complaint, virus, infection, disorder, disability, sickness, ailment, malaise, affliction, malady, lurgy (informal) I think I've got a bit of a stomach bug.

3. fault, failing, virus, error, defect, flaw, blemish, imperfection, glitch, gremlin There is a bug in the software.

4. bugging device, wire, listening device, phone tap, hidden microphone There was a bug on the phone.

5. (Informal) mania, passion, rage, obsession, craze, fad, thing (informal) I've definitely been bitten by the gardening bug.


Posted · Report post

#5

bug

noun

1. insect, beastie (informal), creepy-crawly (informal), gogga (S. African informal) a bloodsucking bug which infests poor housing

2. (Informal) illness, disease, complaint, virus, infection, disorder, disability, sickness, ailment, malaise, affliction, malady, lurgy (informal) I think I've got a bit of a stomach bug.

3. fault, failing, virus, error, defect, flaw, blemish, imperfection, glitch, gremlin There is a bug in the software.

4. bugging device, wire, listening device, phone tap, hidden microphone There was a bug on the phone.

5. (Informal) mania, passion, rage, obsession, craze, fad, thing (informal) I've definitely been bitten by the gardening bug.

Still don't get it, your friend is enraged and analyzing himself?

Lulz, you've lost me...


Posted · Report post

Still don't get it, your friend is enraged and analyzing himself?

Lulz, you've lost me...

He's gotten obsessed with the puzzle.


Posted · Report post

He's gotten obsessed with the puzzle.

Ah. I'm too stupid to see the puzzle than to become obsessed with it...

I think someone should work 24/7, just to fix his friend's obsession. *HINT HINT*

JK - I wouldn't rush you that much, you need an hour to sleep!


MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2015. MoDaCo uses IntelliTxt technology.