• Announcements

    • Reminder - MoDaCo position on illegal content   07/30/15

      ILLEGAL CONTENT I'd like to just reaffirm MoDaCo's position regarding piracy and illegal content in the light of some recent questions / postings. Posts will be censored by myself or my moderation team if the contain or link to: Illegal / pirated / cracked software or sites that host such softwareNintendo emulators / ROMs or sites hosting them (in light of Nintendo's legal stance)CUSTOM ROMS You may discuss and post links to custom device ROMs on MoDaCo, provided the following rules are adhered to: ROMs must not contain any illegal 3rd party software (this includes trial versions included without permission)ROMs must give full credit to the original authorISSUES If you have any issues with this policy, please contact PaulOBrien directly via PM.
    • Reminder: Selling items on the forum directly is not allowed   07/30/15

      Please note that selling items on the forum directly is not allowed by the forum rules. There is a forum for eBay auctions whereby you can list the items on eBay and link to them there. This is the ONLY forum for this type of activity. You may also advertise links to the eBay forum in your signature. Please note that selling directly in contravention of these rules will result in a warning / suspension / ban.

Extracting UPDATE.APP HELP

33 posts in this topic

Posted (edited)

This thread is great and I love it (deletesmiley)

Does the install procedure actually check for a signature? I wouldn't be surprised if Huawei relied on security through obscurity.

Because we're like a bunch of blind lesbians in a fish market?

I could figure out how to compile https://github.com/terrex/unupdatapp but not in the next couple of weeks. Going away :-)

Also not sure if anyone has tried bin2app

Edited by tcpaulh
0

Share this post


Link to post
Share on other sites

Posted

I actually have bin2app.exe, but this one was for an old tablet. Neither the update.app contains a signature nor is the structure valid (the 0x55aa5aa5 is missing and other things).

I wrote a java program for extracting and crc-checking update.app, but the other way is still impossible.

0

Share this post


Link to post
Share on other sites

Posted

I actually have bin2app.exe, but this one was for an old tablet. Neither the update.app contains a signature nor is the structure valid (the 0x55aa5aa5 is missing and other things).

I wrote a java program for extracting and crc-checking update.app, but the other way is still impossible.

Would be interesting to see your java app and possibly the bin2app in case someone can hack it :)

0

Share this post


Link to post
Share on other sites

Posted

Would be interesting to see your java app and possibly the bin2app in case someone can hack it :)

Hands up anyone who'd be willing to test a package created by just such a homebrew programme. Come on now, don't be shy; it won't trash the partition table... honest.

0

Share this post


Link to post
Share on other sites

Posted

well some Huawei updates have bricked some phones so maybe the b952 update could cause a few also if someone tested this, if u get what I mean.

0

Share this post


Link to post
Share on other sites

Posted (edited)

Hands up anyone who'd be willing to test a package created by just such a homebrew programme. Come on now, don't be shy; it won't trash the partition table... honest.

The java app in question was for extracting. I'm guessing you're having a bit of a laugh about volunteers for flashing a repacked update. Not sure though :)

I'd potentially be up for it after having a discussion with the coder.

UPDATE.APP is digitally signed with a private key only Huawei has.

What could probably be done, is patch osbl to ignore signature verification and save it to /dev/block/mmcblk0p3

.

Repacking shouldn't be a major hurdle though it wouldn't have a valid RSA key.

bin2app here :- http://people.freedesktop.org/~hadess/huawei-e585/%E6%88%91%E7%9A%84%E5%85%89%E7%9B%98/release/

Edited by tcpaulh
0

Share this post


Link to post
Share on other sites

Posted

I'm guessing you're having a bit of a laugh about volunteers for flashing a repacked update.

Aye. Ohh, I seee - bin2app is ostensibly a Huawei tool. No more risky than using any another vendor tool, like Odin for example... :unsure: :blink: :D

0

Share this post


Link to post
Share on other sites

Posted

Aye. Ohh, I seee - bin2app is ostensibly a Huawei tool. No more risky than using any another vendor tool, like Odin for example... :unsure: :blink: :D

Pretty much. At least they use it. Probably not that version though. Patching the os bootloader (mmcblk03 off the top of my head :eek: ?!?) so it doesn't require the RSA signature is perhaps the biggest hurdle.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2015. MoDaCo uses IntelliTxt technology.